GHSA-v759-3wr5-p294, CVE-2008-1502
packagist/moodle/moodle
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The badprotocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.
All versions before 1.8.5
Upgrade to version 1.8.5 or above.
2024-02-12
source |