CVE - CVE-2008-1502

CVE-ID
CVE-2008-1502	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:28424 URL:http://www.securityfocus.com/bid/28424 CONFIRM:http://docs.moodle.org/en/Release_Notes#Moodle_1.8.5 CONFIRM:http://www.egroupware.org/changelog DEBIAN:DSA-1691 URL:http://www.debian.org/security/2008/dsa-1691 DEBIAN:DSA-1871 URL:http://www.debian.org/security/2009/dsa-1871 FEDORA:FEDORA-2008-6226 URL:https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00331.html GENTOO:GLSA-200805-04 URL:http://www.gentoo.org/security/en/glsa/glsa-200805-04.xml MISC:http://www.egroupware.org/viewvc/branches/1.4/phpgwapi/inc/class.kses.inc.php?r1=23625&r2=25110&pathrev=25110 MLIST:[oss-security] 20080708 Re: CVE request: moodle xss in < 1.8.5 URL:http://www.openwall.com/lists/oss-security/2008/07/08/14 SECUNIA:29491 URL:http://secunia.com/advisories/29491 SECUNIA:30073 URL:http://secunia.com/advisories/30073 SECUNIA:30986 URL:http://secunia.com/advisories/30986 SECUNIA:31017 URL:http://secunia.com/advisories/31017 SECUNIA:31018 URL:http://secunia.com/advisories/31018 SECUNIA:31167 URL:http://secunia.com/advisories/31167 SECUNIA:32400 URL:http://secunia.com/advisories/32400 SECUNIA:32446 URL:http://secunia.com/advisories/32446 SUSE:SUSE-SR:2008:015 URL:http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html UBUNTU:USN-658-1 URL:https://usn.ubuntu.com/658-1/ VUPEN:ADV-2008-0989 URL:~~http://www.vupen.com/english/advisories/2008/0989/references~~ (Obsolete source) XF:egroupware-badprotocolonce-security-bypass(41435) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/41435
Assigning CNA
MITRE Corporation
Date Record Created
20080325	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080325)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)