itdb 1.23 - Cross-Site Scripting (XSS)

[bestshow]

[Uploading itdb 1.23 - Cross-Site Scripting (XSS).docx…]()

[Chefkeks]

@bestshow

Uploading itdb 1.23 - Cross-Site Scripting (XSS).docx…

Looks like you saved too soon, so you should re-upload the document maybe ;)

[nikband]

I think that it's a possibile "spam" with virus ...

[Chefkeks]

Yes I know, that's possible too, but since @bestshow opened an issue here with a valid word document too, I don't think so.

[nikband]

I hope so in a good document from @bestshow. Please bestshow attach a new document

[bestshow]

OK，I re-upload the document again. itdb 1.23 - Cross-Site Scripting (XSS).docx

[bestshow]

@nikband @Chefkeks Do you see the document ?

[Chefkeks]

Everything is fine now and document can be read. Now its up to @sivann as developer to react.

[bestshow]

Thanks.

[bestshow]

@nikband @Chefkeks Please assign CVEs if you think they are suitable for identifiers.

[sivann]

Guys pleas read the "Security" and "Welcomed pull requests" paragraphs. ITDB is full of security issues, don't expose as is on public internet. There is no patching this, it needs to be rewritten.