VDB-218372 · CVE-2015-10049 · GCVE-100-218372

Overdrive Eletrônica course-builder ଯେପର୍ଯ୍ୟନ୍ତ 1.7.x oeditor.html କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ

Dogoggorri kan akka ସମସ୍ୟାଜନକ jedhamuun ramadame Overdrive Eletrônica course-builder ଯେପର୍ଯ୍ୟନ୍ତ 1.7.x keessatti argameera. Miidhamni argame is hojii hin beekamne faayilii coursebuilder/modules/oeditor/oeditor.html keessa. Wanti jijjiirame gara କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ geessa. Rakkoo ibsuuf CWE yoo fayyadamte gara CWE-79 si geessa. Odeeffannoon kun yeroo 01/14/2023 maxxanfameera akka e39645fd714adb7e549908780235911ae282b21b. Odeeffannoon kun buufachuuf github.com irratti argama. Dogoggorri kun CVE-2015-10049 jedhamee waamama. Weerara fageenya irraa jalqabuu ni danda'ama. Ibsa teeknikaa ni jira. Meeshaa balaa kana fayyadamuuf hin jirre. Ammas, gatii exploit might be approx. USD $0-$5k yeroo ammaa irratti argamuu danda'a. ଅପରିଭାଷିତ ta’uu isaa ibsameera. Akka 0-daytti, gatiin isaa daldala dhoksaa keessatti $0-$5k akka ta'e tilmaamameera. Idaantifayarii paachii e39645fd714adb7e549908780235911ae282b21b dha. Sirreeffamni dogoggoraa github.com irraa buufachuuf qophaa’eera. Qabiyyee miidhamte haaromsuuf gorsa ni kennama. If you want to get best quality of vulnerability data, you may have to visit VulDB.

3 ଆଡାପ୍ଟେସନ୍ · 73 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 01/14/2023 06:08 PM	ଅଦ୍ୟତନ 1/2 02/07/2023 02:29 PM	ଅଦ୍ୟତନ 2/2 02/07/2023 02:31 PM
software_vendor	Overdrive Eletrônica	Overdrive Eletrônica	Overdrive Eletrônica
software_name	course-builder	course-builder	course-builder
software_version	<=1.7.x	<=1.7.x	<=1.7.x
software_file	coursebuilder/modules/oeditor/oeditor.html	coursebuilder/modules/oeditor/oeditor.html	coursebuilder/modules/oeditor/oeditor.html
vulnerability_cwe	CWE-79 (କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ)	CWE-79 (କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ)	CWE-79 (କ୍ରସ୍ ସାଇଟ୍ ସ୍କ୍ରିପ୍ଟିଂ)
vulnerability_risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
advisory_identifier	e39645fd714adb7e549908780235911ae282b21b	e39645fd714adb7e549908780235911ae282b21b	e39645fd714adb7e549908780235911ae282b21b
advisory_url	https://github.com/overdrive-diy/course-builder/commit/e39645fd714adb7e549908780235911ae282b21b	https://github.com/overdrive-diy/course-builder/commit/e39645fd714adb7e549908780235911ae282b21b	https://github.com/overdrive-diy/course-builder/commit/e39645fd714adb7e549908780235911ae282b21b
countermeasure_name	ଅପଗ୍ରେଡ୍ କରନ୍ତୁ	ଅପଗ୍ରେଡ୍ କରନ୍ତୁ	ଅପଗ୍ରେଡ୍ କରନ୍ତୁ
upgrade_version	1.8.0	1.8.0	1.8.0
countermeasure_upgrade_url	https://github.com/overdrive-diy/course-builder/releases/tag/V1.8.0	https://github.com/overdrive-diy/course-builder/releases/tag/V1.8.0	https://github.com/overdrive-diy/course-builder/releases/tag/V1.8.0
patch_name	e39645fd714adb7e549908780235911ae282b21b	e39645fd714adb7e549908780235911ae282b21b	e39645fd714adb7e549908780235911ae282b21b
countermeasure_patch_url	https://github.com/overdrive-diy/course-builder/commit/e39645fd714adb7e549908780235911ae282b21b	https://github.com/overdrive-diy/course-builder/commit/e39645fd714adb7e549908780235911ae282b21b	https://github.com/overdrive-diy/course-builder/commit/e39645fd714adb7e549908780235911ae282b21b
source_cve	CVE-2015-10049	CVE-2015-10049	CVE-2015-10049
cna_responsible	VulDB	VulDB	VulDB
advisory_date	1673650800 (01/14/2023)	1673650800 (01/14/2023)	1673650800 (01/14/2023)
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_au	S	S	S
cvss2_vuldb_e	ND	ND	ND
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	4.0	4.0	4.0
cvss2_vuldb_tempscore	3.5	3.5	3.5
cvss3_vuldb_basescore	3.5	3.5	3.5
cvss3_vuldb_tempscore	3.4	3.4	3.4
cvss3_meta_basescore	3.5	3.5	4.4
cvss3_meta_tempscore	3.4	3.4	4.3
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1673650800 (01/14/2023)	1673650800 (01/14/2023)
cve_nvd_summary		A vulnerability was found in Overdrive Eletrônica course-builder up to 1.7.x and classified as problematic. Affected by this issue is some unknown functionality of the file coursebuilder/modules/oeditor/oeditor.html. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.0 is able to address this issue. The name of the patch is e39645fd714adb7e549908780235911ae282b21b. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218372.	A vulnerability was found in Overdrive Eletrônica course-builder up to 1.7.x and classified as problematic. Affected by this issue is some unknown functionality of the file coursebuilder/modules/oeditor/oeditor.html. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.0 is able to address this issue. The name of the patch is e39645fd714adb7e549908780235911ae282b21b. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218372.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			R
cvss3_nvd_s			C
cvss3_nvd_c			L
cvss3_nvd_i			L
cvss3_nvd_a			N
cvss2_nvd_av			N
cvss2_nvd_ac			L
cvss2_nvd_au			S
cvss2_nvd_ci			N
cvss2_nvd_ii			P
cvss2_nvd_ai			N
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			R
cvss3_cna_s			U
cvss3_cna_c			N
cvss3_cna_i			L
cvss3_cna_a			N
cve_cna			VulDB
cvss2_nvd_basescore			4.0
cvss3_nvd_basescore			6.1
cvss3_cna_basescore			3.5

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Interested in the pricing of exploits?

See the underground prices here!