CVE-2008-1502

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/moodle/moodle

Identifiers

GHSA-v759-3wr5-p294, CVE-2008-1502

Package Slug

packagist/moodle/moodle

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

The badprotocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.

Affected Versions

All versions before 1.8.5

Solution

Upgrade to version 1.8.5 or above.

Last Modified

2024-02-12

source