itdb 1.23 - Cross-Site Scripting (XSS)

Closed this issue 8 years ago · 10 comments

bestshow commented 8 years ago

Uploading itdb 1.23 - Cross-Site Scripting (XSS).docx…

Chefkeks commented 8 years ago

Uploading itdb 1.23 - Cross-Site Scripting (XSS).docx…

Looks like you saved too soon, so you should re-upload the document maybe ;)

nikband commented 8 years ago

I think that it's a possibile "spam" with virus ...

Chefkeks commented 8 years ago

Yes I know, that's possible too, but since @bestshow opened an issue here with a valid word document too, I don't think so.

👍1

nikband commented 8 years ago

I hope so in a good document from @bestshow. Please bestshow attach a new document

bestshow commented 8 years ago

OK，I re-upload the document again.
itdb 1.23 - Cross-Site Scripting (XSS).docx

bestshow commented 8 years ago

@nikband @Chefkeks Do you see the document ?

Chefkeks commented 8 years ago

Everything is fine now and document can be read.
Now its up to @sivann as developer to react.

👍1

bestshow commented 8 years ago

Thanks.

👍1

bestshow commented 8 years ago

@nikband @Chefkeks Please assign CVEs if you think they are suitable for identifiers.

sivann commented 8 years ago

Guys pleas read the "Security" and "Welcomed pull requests" paragraphs. ITDB is full of security issues, don't expose as is on public internet. There is no patching this, it needs to be rewritten.