CVE-2008-1502
Published 2008-03-25
Priority: P421 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 10.50% (95.2th percentile)
The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.
Affected
49 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wordpress | < wordpress 2.5.0-1 (bookworm) | wordpress 2.5.0-1 (bookworm) |
| egroupware | egroupware | <= 1.4.002 | — |
| egroupware | egroupware | — | — |
| egroupware | egroupware | — | — |
| egroupware | egroupware | — | — |
| egroupware | egroupware | — | — |
| egroupware | egroupware | — | — |
| egroupware | egroupware | — | — |
| moodle | moodle | <= 1.8.4 | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
CVSS provenance
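| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | — | 4.3 | MEDIUM | — |
| vendor_debian | — | 4.3 | MEDIUM | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |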
Ubuntu
Moodle vulnerability
vendor_ubuntu·2008-10-23
CVE-2008-1502 Moodle vulnerability
Lukasz Pilorz discovered that the HTML filtering used in Moodle was not
strict enough. A remote attacker could send malicious requests to Moodle
and execute arbitrary code as the web server user.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
moodle: KSES related XSS issue
vendor_redhat·2008-04-16·CVSS 4.3
CVE-2008-1502 [MEDIUM] CWE-79 moodle: KSES related XSS issue
The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.
Debian
CVE-2008-1502: wordpress - The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as u...
vendor_debian·2008·CVSS 4.3
CVE-2008-1502 [MEDIUM] CVE-2008-1502: wordpress - The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as u...
The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.
Scope: local
bookworm: resolved (fixed in 2.5.0-1)
bullseye: resolved (fixed in 2.5.0-1)
forky: resolved (fixed in 2.5.0-1)
sid: resolved (fixed in 2.5.0-1)
trixie: resolved (fixed in 2.5.0-1)
GHSA
Moodle vulnerable to Cross-site scripting
ghsa·2022-05-01
CVE-2008-1502 [MEDIUM] CWE-79 Moodle vulnerable to Cross-site scripting
The `_bad_protocol_once` function in `phpgwapi/inc/class.kses.inc.php` in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.
OSV
Moodle vulnerable to Cross-site scripting
osv·2022-05-01
CVE-2008-1502 [MEDIUM] Moodle vulnerable to Cross-site scripting
The `_bad_protocol_once` function in `phpgwapi/inc/class.kses.inc.php` in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.
OSV
CVE-2008-1502: The _bad_protocol_once function in phpgwapi/inc/class
osv·2008-03-25·CVSS 4.3
CVE-2008-1502 [MEDIUM] CVE-2008-1502: The _bad_protocol_once function in phpgwapi/inc/class
The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.
No detection rules found.
No public exploits indexed.
References
http://docs.moodle.org/en/Release_Notes#Moodle_1.8.5
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html
http://secunia.com/advisories/29491
http://secunia.com/advisories/30073
http://secunia.com/advisories/30986
http://secunia.com/advisories/31017
http://secunia.com/advisories/31018
http://secunia.com/advisories/31167
http://secunia.com/advisories/32400
http://secunia.com/advisories/32446
http://www.debian.org/security/2008/dsa-1691
http://www.debian.org/security/2009/dsa-1871
http://www.egroupware.org/changelog
http://www.egroupware.org/viewvc/branches/1.4/phpgwapi/inc/class.kses.inc.php?r1=23625&r2=25110&pathrev=25110
http://www.gentoo.org/security/en/glsa/glsa-200805-04.xml
http://www.openwall.com/lists/oss-security/2008/07/08/14
http://www.securityfocus.com/bid/28424
http://www.vupen.com/english/advisories/2008/0989/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41435
https://usn.ubuntu.com/658-1/
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00331.html