CVE-2015-10049

Name of the Vulnerable Software and Affected Versions Overdrive Eletrônica course-builder versions up to 1.7.x

Description A vulnerability was found in the course-builder, classified as problematic, affecting some unknown functionality of the file coursebuilder/modules/oeditor/oeditor.html. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.0 is able to address this issue.

Recommendations For versions up to 1.7.x, upgrade to version 1.8.0 to address the issue. As a temporary workaround, consider restricting access to the file coursebuilder/modules/oeditor/oeditor.html until the upgrade is applied.