itdb 1.23 - Cross-Site Scripting (XSS) #56

Closed
bestshow opened this issue Nov 28, 2016 · 10 comments

Comments

@bestshow

Uploading itdb 1.23 - Cross-Site Scripting (XSS).docx…

@Chefkeks
Contributor

@bestshow

Uploading itdb 1.23 - Cross-Site Scripting (XSS).docx…

Looks like you saved too soon, so you should re-upload the document maybe ;)

@nikband

nikband commented Dec 15, 2016

I think that it's a possible "spam" with virus ...

@Chefkeks
Contributor

Yes, I know, that's possible too, but since @bestshow opened an issue here with a valid Word document too, I don't think so.

@nikband

nikband commented Dec 15, 2016

I hope so in a good document from @bestshow. Please, bestshow, attach a new document.

@bestshow
Author

OK, I re-upload the document again.
itdb 1.23 - Cross-Site Scripting (XSS).docx

@bestshow
Author

@nikband @Chefkeks Do you see the document?

@Chefkeks
Contributor

Everything is fine now and the document can be read.
Now it's up to @sivann as developer to react.

@bestshow
Author

Thanks.

@bestshow
Author

bestshow commented Jan 9, 2017

@nikband @Chefkeks Please assign CVEs if you think they are suitable for identifiers.

@sivann
Owner

sivann commented Jan 9, 2017

Guys, please read the "Security" and "Welcomed pull requests" paragraphs. ITDB is full of security issues, don't expose as is on public internet. There is no patching this, it needs to be rewritten.

@sivann sivann closed this as completed Jan 9, 2017