CVE

CVE-2008-1502
Date: (C)2008-03-25   (M)2023-12-22


The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
BID-28424
SECUNIA-29491
SECUNIA-30073
SECUNIA-30986
SECUNIA-31017
SECUNIA-31018
SECUNIA-31167
SECUNIA-32400
SECUNIA-32446
ADV-2008-0989
DSA-1691
DSA-1871
FEDORA-2008-6226
GLSA-200805-04
SUSE-SR:2008:015
USN-658-1
http://www.openwall.com/lists/oss-security/2008/07/08/14
egroupware-badprotocolonce-security-bypass(41435)
http://docs.moodle.org/en/Release_Notes#Moodle_1.8.5
http://www.egroupware.org/changelog
http://www.egroupware.org/viewvc/branches/1.4/phpgwapi/inc/class.kses.inc.php?r1=23625&r2=25110&pathrev=25110

CPE    32
cpe:/a:moodle:moodle
cpe:/a:moodle:moodle:1.8.2
cpe:/a:moodle:moodle:1.7.3
cpe:/a:moodle:moodle:1.6.4
...
CWE    1
CWE-79
OVAL    4
oval:org.mitre.oval:def:7939
oval:org.mitre.oval:def:8072
oval:org.secpod.oval:def:600328
oval:org.secpod.oval:def:600449
...

© SecPod Technologies