CVE-2008-1502
KSES <1.4.003 - XSS
Title source: llmDescription
The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.
References (21)
... and 1 more
Scores
EPSS
0.0109
EPSS Percentile
77.7%
Classification
CWE
CWE-79
Status
draft
Affected Products (44)
egroupware/egroupware
< 1.4.002
egroupware/egroupware
egroupware/egroupware
egroupware/egroupware
egroupware/egroupware
egroupware/egroupware
egroupware/egroupware
moodle/moodle
< 1.8.4
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
... and 29 more
Timeline
Published
Mar 25, 2008
Tracked Since
Feb 18, 2026