CVE-2008-1502
Published: 25 March 2008
The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.
Priority
Status
Package | Release | Status |
---|---|---|
egroupware (Launchpad, Ubuntu, Debian) | dapper | Ignored (end of life) |
 | edgy | Ignored (end of life, was needed) |
 | feisty | Ignored (end of life, was needed) |
 | gutsy | Ignored (end of life, was needed) |
 | hardy | Released (1.2.107-2.dfsg-2ubuntu1) |
 | intrepid | Not vulnerable |
 | jaunty | Not vulnerable |
 | karmic | Not vulnerable |
 | upstream | Released (1.4.003) |
moodle (Launchpad, Ubuntu, Debian) | dapper | Ignored (end of life) |
 | edgy | Ignored (end of life, was needed) |
 | feisty | Ignored (end of life, was needed) |
 | gutsy | Released (1.8.2-1ubuntu2.1) |
 | hardy | Released (1.8.2-1ubuntu4.1) |
 | intrepid | Released (1.8.2-1ubuntu2.1) |
 | jaunty | Released (1.8.2-1ubuntu2.1) |
 | karmic | Released (1.8.2-1ubuntu2.1) |
 | upstream | Released (1.8.5) |

Patches: vendor: http://patch-tracking.debian.net/patch/series/view/moodle/1.8.2-1.3/CVE-2008-1502.dpatch