PT-2023-10228 · Overdrive Eletrônica · Course-Builder
Jorr
·
Published
2023-01-15
·
Updated
2024-05-17
·
CVE-2015-10049
CVSS v2.0
4.0
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Overdrive Eletrônica course-builder versions up to 1.7.x
Description
A vulnerability was found in the course-builder, classified as problematic, affecting some unknown functionality of the file coursebuilder/modules/oeditor/oeditor.html. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.0 is able to address this issue.
Recommendations
For versions up to 1.7.x, upgrade to version 1.8.0 to address the issue.
As a temporary workaround, consider restricting access to the file coursebuilder/modules/oeditor/oeditor.html until the upgrade is applied.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Course-Builder