CVE-2015-10049 – Overdrive Eletrônica course-builder oeditor.html cross site scripting

https://notcve.org/view.php?id=CVE-2015-10049

A vulnerability was found in Overdrive Eletrônica course-builder up to 1.7.x and classified as problematic. Affected by this issue is some unknown functionality of the file coursebuilder/modules/oeditor/oeditor.html. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.0 is able to address this issue. • https://github.com/overdrive-diy/course-builder/commit/e39645fd714adb7e549908780235911ae282b21b https://github.com/overdrive-diy/course-builder/releases/tag/V1.8.0 https://vuldb.com/?ctiid.218372 https://vuldb.com/?id.218372 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •