The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare prior to 1.4.003, Moodle prior to 1.8.5, and other products, allows remote malicious users to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
moodle moodle 1.8.1 |
||
moodle moodle 1.6.7 |
||
moodle moodle 1.5.0 |
||
moodle moodle 1.5.3 |
||
moodle moodle 1.4.2 |
||
moodle moodle 1.4.1 |
||
moodle moodle 1.2.0 |
||
moodle moodle 1.1.1 |
||
moodle moodle |
||
moodle moodle 1.7.4 |
||
moodle moodle 1.7.3 |
||
moodle moodle 1.6.4 |
||
moodle moodle 1.6.3 |
||
moodle moodle 1.6.2 |
||
moodle moodle 1.5 |
||
moodle moodle 1.4.5 |
||
moodle moodle 1.3.2 |
||
moodle moodle 1.3.1 |
||
egroupware egroupware 1.0.3 |
||
egroupware egroupware 1.0.1 |
||
moodle moodle 1.7.6 |
||
moodle moodle 1.7.5 |
||
moodle moodle 1.6.6 |
||
moodle moodle 1.6.5 |
||
moodle moodle 1.5.2 |
||
moodle moodle 1.5.1 |
||
moodle moodle 1.3.4 |
||
moodle moodle 1.3.3 |
||
egroupware egroupware 1.4.001 |
||
egroupware egroupware 1.2.106-2 |
||
egroupware egroupware 1.0.6 |
||
moodle moodle 1.8.3 |
||
moodle moodle 1.8.2 |
||
moodle moodle 1.7.2 |
||
moodle moodle 1.7.1 |
||
moodle moodle 1.6.1 |
||
moodle moodle 1.6.0 |
||
moodle moodle 1.4.4 |
||
moodle moodle 1.4.3 |
||
moodle moodle 1.3.0 |
||
moodle moodle 1.2.1 |
||
egroupware egroupware 1.0 |
||
egroupware egroupware |
Vulmon