CVE-2008-1502
published 2008-03-25

Priority: P4 · 21 · medium
CVSS 2.0: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
EPSS: 10.50% (95.2th percentile)

The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.

Affected

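49 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wordpress | < wordpress 2.5.0-1 (bookworm) | wordpress 2.5.0-1 (bookworm) |
| egroupware | egroupware | <= 1.4.002 | |
| egroupware | egroupware | | |
| egroupware | egroupware | | |
| egroupware | egroupware | | |
| egroupware | egroupware | | |
| egroupware | egroupware | | |
| egroupware | egroupware | | |
| moodle | moodle | <= 1.8.4 | |
| moodle | moodle | | |
| moodle | moodle | | |
| moodle | moodle | | |
| moodle | moodle | | |
| moodle | moodle | | |
| moodle | moodle | | |
| moodle | moodle | | |
| moodle | moodle | | |
| moodle | moodle | | |
| moodle | moodle | | |
| moodle | moodle | | |
| moodle | moodle | | |
| moodle | moodle | | |
| moodle | moodle | | |
| moodle | moodle | | |
| moodle | moodle | | |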

CVSS provenance

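| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | | 4.3 | MEDIUM | |
| vendor_debian | | 4.3 | MEDIUM | |
| vendor_redhat | | 4.3 | MEDIUM | |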