exploitDog

CVE-2008-1502

Опубликовано: 16 апр. 2008

Источник: redhat

EPSS Низкий

Описание

The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.

Ссылки на источники

https://www.cve.org/CVERecord?id=CVE-2008-1502

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-79

https://bugzilla.redhat.com/show_bug.cgi?id=454246moodle: KSES related XSS issue

EPSS

Процентиль: 77%

0.01086

Низкий

Связанные уязвимости

CVE-2008-1502

ubuntu

около 17 лет назад

The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.

CVE-2008-1502

nvd

около 17 лет назад

The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.

CVE-2008-1502

debian

около 17 лет назад

The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in ...

GHSA-v759-3wr5-p294

github

около 3 лет назад

Moodle vulnerable to Cross-site scripting

EPSS

Процентиль: 77%

0.01086

Низкий