exploitDog

GHSA-v759-3wr5-p294

Published: 01 May 2022
Source: github
Github: Reviewed

Description

Moodle vulnerable to Cross-site scripting

The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.

Packages

Name: moodle/moodle (composer)
Affected versions: < 1.8.5
Fixed version: 1.8.5

EPSS

Percentile: 77%
0.01086
Low

Weaknesses

CWE-79

Related vulnerabilities

ubuntu
about 17 years ago

The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.

redhat
about 17 years ago

The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.

nvd
about 17 years ago

The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.

debian
about 17 years ago

The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in ...
