Cross-Site Scripting Flaw in eGroupWare and Moodle by eGroupWare
CVE-2008-1502

Currently unrated

Key Information:

Vendor: Egroupware
Status: Egroupware; Moodle
Vendor: CVE Published:; 25 March 2008

What is CVE-2008-1502?

The _bad_protocol_once function within phpgwapi/inc/class.kses.inc.php of KSES in eGroupWare and Moodle prior to specific versions enables remote attackers to exploit HTML filtering weaknesses. By crafting specific URL protocols, attackers can bypass security measures, potentially leading to XSS attacks that compromise user data and website integrity.

References

http://secunia.com/advisories/29491

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/31017

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/32400

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2008
Vulnerability Reserved
Mar 25, 2008

Egroupware

What is CVE-2008-1502?

References

Timeline