PT-2008-3066 · Moodle+2 · Moodle+2
Publicado
2008-03-25
·
Atualizado
2022-05-01
·
CVE-2008-1502
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
eGroupWare versions prior to 1.4.003
Moodle versions prior to 1.8.5
Description
The issue allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols. This is due to the
bad protocol once function in phpgwapi/inc/class.kses.inc.php in KSES.Recommendations
For eGroupWare versions prior to 1.4.003, update to version 1.4.003 or later.
For Moodle versions prior to 1.8.5, update to version 1.8.5 or later.
As a temporary workaround, consider restricting the input of crafted URL protocols to minimize the risk of exploitation.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Kses
Moodle
Egroupware