CVE-2008-1502
25.03.2008, 19:44
The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.
| Vendor | Product | Version |
|---|---|---|
| egroupware | egroupware | 𝑥 ≤ 1.4.002 |
| egroupware | egroupware | 1.0 |
| egroupware | egroupware | 1.0.1 |
| egroupware | egroupware | 1.0.3 |
| egroupware | egroupware | 1.0.6 |
| egroupware | egroupware | 1.2.106-2 |
| egroupware | egroupware | 1.4.001 |
| moodle | moodle | 𝑥 ≤ 1.8.4 |
| moodle | moodle | 1.1.1 |
| moodle | moodle | 1.2.0 |
| moodle | moodle | 1.2.1 |
| moodle | moodle | 1.3.0 |
| moodle | moodle | 1.3.1 |
| moodle | moodle | 1.3.2 |
| moodle | moodle | 1.3.3 |
| moodle | moodle | 1.3.4 |
| moodle | moodle | 1.4.1 |
| moodle | moodle | 1.4.2 |
| moodle | moodle | 1.4.3 |
| moodle | moodle | 1.4.4 |
| moodle | moodle | 1.4.5 |
| moodle | moodle | 1.5 |
| moodle | moodle | 1.5.0:beta |
| moodle | moodle | 1.5.1 |
| moodle | moodle | 1.5.2 |
| moodle | moodle | 1.5.3 |
| moodle | moodle | 1.6.0 |
| moodle | moodle | 1.6.1 |
| moodle | moodle | 1.6.2 |
| moodle | moodle | 1.6.3 |
| moodle | moodle | 1.6.4 |
| moodle | moodle | 1.6.5 |
| moodle | moodle | 1.6.6 |
| moodle | moodle | 1.6.7 |
| moodle | moodle | 1.7.1 |
| moodle | moodle | 1.7.2 |
| moodle | moodle | 1.7.3 |
| moodle | moodle | 1.7.4 |
| moodle | moodle | 1.7.5 |
| moodle | moodle | 1.7.6 |
| moodle | moodle | 1.8.1 |
| moodle | moodle | 1.8.2 |
| moodle | moodle | 1.8.3 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| egroupware |
| ||||||||||||||||
| moodle |
|
References