Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2008-1502
Last Modified: 26 Nov 2012 10:44:33
Published: 25 Mar 2008 03:44:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-1502

Summary

The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.

Vulnerable Systems

Application

  • Egroupware 1.0

  • Egroupware 1.0.1

  • Egroupware 1.0.3

  • Egroupware 1.0.6

  • Egroupware 1.2.106-2

  • Egroupware 1.4.001

  • Egroupware 1.4.002

  • Moodle 1.1.1

  • Moodle 1.2

  • Moodle 1.2.1

  • Moodle 1.3

  • Moodle 1.3.1

  • Moodle 1.3.2

  • Moodle 1.3.3

  • Moodle 1.3.4

  • Moodle 1.4.1

  • Moodle 1.4.2

  • Moodle 1.4.3

  • Moodle 1.4.4

  • Moodle 1.4.5

  • Moodle 1.5

  • Moodle 1.5.1

  • Moodle 1.5.2

  • Moodle 1.5.3

  • Moodle 1.6

  • Moodle 1.6.1

  • Moodle 1.6.2

  • Moodle 1.6.3

  • Moodle 1.6.4

  • Moodle 1.6.5

  • Moodle 1.6.6

  • Moodle 1.6.7

  • Moodle 1.7

  • Moodle 1.7.1

  • Moodle 1.7.2

  • Moodle 1.7.3

  • Moodle 1.7.4

  • Moodle 1.7.5

  • Moodle 1.7.6

  • Moodle 1.8

  • Moodle 1.8.1

  • Moodle 1.8.2

  • Moodle 1.8.3

  • Moodle 1.8.4


References

BID - 28424

DEBIAN - DSA-1691

CONFIRM - http://docs.moodle.org/en/Release_Notes#Moodle_1.8.5

FEDORA - FEDORA-2008-6226

XF - egroupware-badprotocolonce-security-bypass(41435)

VUPEN - ADV-2008-0989

UBUNTU - USN-658-1

MLIST - [oss-security] 20080708 Re: CVE request: moodle xss in < 1.8.5

GENTOO - GLSA-200805-04

MISC - http://www.egroupware.org/viewvc/branches/1.4/phpgwapi/inc/class.kses.inc.php?r1=23625&r2=25110&pathrev=25110

CONFIRM - http://www.egroupware.org/changelog

DEBIAN - DSA-1871

SECUNIA - 32446

SECUNIA - 32400

SECUNIA - 31018

SECUNIA - 31017

SECUNIA - 30986

SECUNIA - 30073

SECUNIA - 29491

SUSE - SUSE-SR:2008:015

SECUNIA - 31167


Last Updated: 27 May 2016 11:01:24