Moodle Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2008-1502
Reference:
CVE-2008-1502
Title:
Moodle Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:
The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES as used in eGroupWare before 1.4.003 Moodle before 1.8.5 and other products allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.