I discovered that there are three other XSS vulnerabilities within the software which can be performed by editing the URL of three different sections.
* Rate File
* Email to Friend
I discovered this by first clicking the link to email to a friend and then removing everything out of the URL after &id=4 and adding ?<script>alert('Testing')</script>" and just as I expected it worked. I moved on to email to a friend the same way and it worked and then I proceeded to make the change action=download&id=4?"<script>alert('Testing')</script>" and again it worked. I then decided to check stats and to my surprise there it did not work.
I have not contacted php arena as of yet but I am about to. Hopefully, since they fixed it in the search field, all they should have to do is release the code or apply it themselves and then come out with an update, which shouldn't take long, I hope.
Another XSS vulnerability provided by ersatz
http://ersatz.n3t.net :: A nice place to chill out and learn something new
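
The following is an added example, not part of the original post and not the vendor's code. It shows one way a PHP application could reject the kind of `id` value described above and encode anything it echoes back. The action names `rate` and `email`, the function names and the sample query strings are assumptions made for illustration.

```php
<?php
// Added illustration; not the affected software's code.
// "download" appears in the post; "rate" and "email" are hypothetical names.
const ALLOWED_ACTIONS = ['download', 'rate', 'email'];

// Encode a value for safe output inside HTML text or a quoted attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Return the validated request, or null if any parameter is malformed.
function validate_request(array $query): ?array
{
    $action = $query['action'] ?? '';
    if (!is_string($action) || !in_array($action, ALLOWED_ACTIONS, true)) {
        return null;
    }
    // FILTER_VALIDATE_INT accepts only a whole integer, so a value such as
    // 4?"<script>...</script>" fails instead of being truncated to 4.
    $id = filter_var(
        $query['id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        return null;
    }
    return ['action' => $action, 'id' => $id];
}

// Constructed sample query strings modelled on the ones in the post.
$samples = [
    'action=download&id=4',
    'action=download&id=4?"<script>alert(\'Testing\')</script>"',
];

foreach ($samples as $qs) {
    parse_str($qs, $query);
    $request = validate_request($query);
    if ($request === null) {
        // Even the error page encodes what it reflects.
        echo 'Rejected request: ' . h($qs) . PHP_EOL;
        continue;
    }
    echo 'OK: action=' . h($request['action']) . ' id=' . $request['id'] . PHP_EOL;
}
```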