CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Egroupware: >> Egroupware >> 1.2.106-2 Security Vulnerabilities

CVE-2008-1502

The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.

CVSS Score

4.3

EPSS Score

0.011

Published

2008-03-25

Page 1

Vulnerabilities

Vulnerable Software

Egroupware: >> Egroupware >> 1.2.106-2 Security Vulnerabilities

Products

Pricing

Contact Us