CVE-2008-1502
Published: 25 March 2008
The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
egroupware Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| edgy |
Ignored
(end of life, was needed)
|
|
| feisty |
Ignored
(end of life, was needed)
|
|
| gutsy |
Ignored
(end of life, was needed)
|
|
| hardy |
Released
(1.2.107-2.dfsg-2ubuntu1)
|
|
| intrepid |
Not vulnerable
|
|
| jaunty |
Not vulnerable
|
|
| karmic |
Not vulnerable
|
|
| upstream |
Released
(1.4.003)
|
|
|
moodle Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| edgy |
Ignored
(end of life, was needed)
|
|
| feisty |
Ignored
(end of life, was needed)
|
|
| gutsy |
Released
(1.8.2-1ubuntu2.1)
|
|
| hardy |
Released
(1.8.2-1ubuntu4.1)
|
|
| intrepid |
Released
(1.8.2-1ubuntu2.1)
|
|
| jaunty |
Released
(1.8.2-1ubuntu2.1)
|
|
| karmic |
Released
(1.8.2-1ubuntu2.1)
|
|
| upstream |
Released
(1.8.5)
|
|
|
Patches: vendor: http://patch-tracking.debian.net/patch/series/view/moodle/1.8.2-1.3/CVE-2008-1502.dpatch |
||