Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2008-1502

The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.

  • Published: Mar 25, 2008
  • Updated: Apr 13, 2023
  • CVE: CVE-2008-1502
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
egroupware / egroupware 1.0 1.0.x
moodle / moodle 1.5.2 1.5.2.x
moodle / moodle 1.6.1 1.6.1.x
moodle / moodle 1.8.2 1.8.2.x
egroupware / egroupware - 1.4.002.x
moodle / moodle 1.2.1 1.2.1.x
moodle / moodle 1.4.2 1.4.2.x
moodle / moodle 1.6.5 1.6.5.x
moodle / moodle 1.3.3 1.3.3.x
moodle / moodle 1.4.3 1.4.3.x
egroupware / egroupware 1.0.6 1.0.6.x
moodle / moodle 1.4.5 1.4.5.x
moodle / moodle 1.7.6 1.7.6.x
moodle / moodle 1.6.2 1.6.2.x
moodle / moodle 1.7.1 1.7.1.x
moodle / moodle - 1.8.4.x
egroupware / egroupware 1.2.106-2 1.2.106-2.x
moodle / moodle 1.8.3 1.8.3.x
moodle / moodle 1.3.2 1.3.2.x
egroupware / egroupware 1.0.3 1.0.3.x
moodle / moodle 1.6.4 1.6.4.x
moodle / moodle 1.1.1 1.1.1.x
moodle / moodle 1.3.1 1.3.1.x
moodle / moodle 1.6.7 1.6.7.x
moodle / moodle 1.4.4 1.4.4.x
moodle / moodle 1.7.3 1.7.3.x
moodle / moodle 1.7.2 1.7.2.x
moodle / moodle 1.5.3 1.5.3.x
moodle / moodle 1.6.3 1.6.3.x
moodle / moodle 1.6.6 1.6.6.x
moodle / moodle 1.5 1.5.x
moodle / moodle 1.4.1 1.4.1.x
moodle / moodle 1.7.5 1.7.5.x
moodle / moodle 1.5.1 1.5.1.x
moodle / moodle 1.3.4 1.3.4.x
egroupware / egroupware 1.4.001 1.4.001.x
moodle / moodle 1.8.1 1.8.1.x
moodle / moodle 1.7.4 1.7.4.x
egroupware / egroupware 1.0.1 1.0.1.x
moodle / moodle 1.2.0 1.2.0.x
moodle / moodle 1.3.0 1.3.0.x
moodle / moodle 1.6.0 1.6.0.x
moodle / moodle 1.5.0-beta 1.5.0-beta.x