Back to search
CVE-2008-1502
Published: Mar 25, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
29491
third-party-advisory
x_refsource_SECUNIA
31017
third-party-advisory
x_refsource_SECUNIA
32400
third-party-advisory
x_refsource_SECUNIA
SUSE-SR:2008:015
vendor-advisory
x_refsource_SUSE
32446
third-party-advisory
x_refsource_SECUNIA
DSA-1871
vendor-advisory
x_refsource_DEBIAN
30986
third-party-advisory
x_refsource_SECUNIA
egroupware-badprotocolonce-security-bypass(41435)
vdb-entry
x_refsource_XF
FEDORA-2008-6226
vendor-advisory
x_refsource_FEDORA
31018
third-party-advisory
x_refsource_SECUNIA
USN-658-1
vendor-advisory
x_refsource_UBUNTU
http://docs.moodle.org/en/Release_Notes#Moodle_1.8.5
x_refsource_CONFIRM
[oss-security] 20080708 Re: CVE request: moodle xss in < 1.8.5
mailing-list
x_refsource_MLIST
30073
third-party-advisory
x_refsource_SECUNIA
http://www.egroupware.org/changelog
x_refsource_CONFIRM
28424
vdb-entry
x_refsource_BID
GLSA-200805-04
vendor-advisory
x_refsource_GENTOO
ADV-2008-0989
vdb-entry
x_refsource_VUPEN
DSA-1691
vendor-advisory
x_refsource_DEBIAN
31167
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now