Vulnerabilities

CVE-2008-1502

by Fred · 25/03/2008

The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.

Date published : 2008-03-25

http://www.securityfocus.com/bid/28424

http://docs.moodle.org/en/Release_Notes#Moodle_1.8.5

Similar

Tags: Cybersecurity Alert