CVE-2008-1502

Опубликовано: 25 мар. 2008

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 4.3

Описание

The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.

Релиз	Статус	Примечание
dapper	ignored	end of life
devel	not-affected
edgy	ignored	end of life, was needed
feisty	ignored	end of life, was needed
gutsy	ignored	end of life, was needed
hardy	released	1.2.107-2.dfsg-2ubuntu1
intrepid	not-affected
jaunty	not-affected
karmic	not-affected
upstream	released	1.4.003

Показывать по

Релиз	Статус	Примечание
dapper	ignored	end of life
devel	released	1.8.2-1ubuntu2.1
edgy	ignored	end of life, was needed
feisty	ignored	end of life, was needed
gutsy	released	1.8.2-1ubuntu2.1
hardy	released	1.8.2-1ubuntu4.1
intrepid	released	1.8.2-1ubuntu2.1
jaunty	released	1.8.2-1ubuntu2.1
karmic	released	1.8.2-1ubuntu2.1
upstream	released	1.8.5

Показывать по

Ссылки на источники

EPSS

Процентиль: 77%

0.01086

Низкий

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2008-1502

redhat

больше 17 лет назад

CVE-2008-1502

nvd

больше 17 лет назад

CVE-2008-1502

debian

больше 17 лет назад

The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in ...

GHSA-v759-3wr5-p294

github

больше 3 лет назад

Moodle vulnerable to Cross-site scripting

EPSS

Процентиль: 77%

0.01086

Низкий

4.3 Medium

CVSS2

CVE-2008-1502

Описание

Пакет egroupware

Пакет moodle

Ссылки на источники

Связанные уязвимости