CVE-2016-10216

Name of the Vulnerable Software and Affected Versions IT ITems DataBase (ITDB) versions 1.23 and earlier

Description The issue is caused by insufficient filtration of user-supplied data in the value HTTP POST parameter passed to the "itdb-1.23/js/DataTables-1.8.2/examples/examples support/editable ajax.php" API endpoint. This allows an attacker to execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Recommendations For IT ITems DataBase (ITDB) versions 1.23 and earlier, consider restricting access to the "itdb-1.23/js/DataTables-1.8.2/examples/examples support/editable ajax.php" API endpoint until a patch is available. As a temporary workaround, avoid using the value parameter in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.