Lucene search

K

GoogleOSV:GHSA-V759-3WR5-P294

HistoryMay 01, 2022 - 11:40 p.m.

Moodle vulnerable to Cross-site scripting

2022-05-0123:40:50

Google

osv.dev

7

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

77.4%

The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.

References

docs.moodle.org/en/Release_Notes#Moodle_1.8.5

lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html

www.debian.org/security/2008/dsa-1691

www.debian.org/security/2009/dsa-1871

www.egroupware.org/changelog

www.egroupware.org/viewvc/branches/1.4/phpgwapi/inc/class.kses.inc.php?r1=23625&r2=25110&pathrev=25110

www.gentoo.org/security/en/glsa/glsa-200805-04.xml

www.openwall.com/lists/oss-security/2008/07/08/14

exchange.xforce.ibmcloud.com/vulnerabilities/41435

github.com/moodle/moodle

nvd.nist.gov/vuln/detail/CVE-2008-1502

usn.ubuntu.com/658-1

web.archive.org/web/20080709031015/www.securityfocus.com/bid/28424

web.archive.org/web/20080828131802/secunia.com/advisories/31017

web.archive.org/web/20080905011948/secunia.com/advisories/31018

web.archive.org/web/20081011001554/secunia.com/advisories/31167

web.archive.org/web/20081025081058/secunia.com/advisories/32400

web.archive.org/web/20081028073531/secunia.com/advisories/32446

web.archive.org/web/20090129193143/secunia.com/advisories/30986

web.archive.org/web/20100819022833/secunia.com/advisories/30073

web.archive.org/web/20120719035305/secunia.com/advisories/29491

www.redhat.com/archives/fedora-package-announce/2008-July/msg00331.html

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

77.4%

Related for OSV:GHSA-V759-3WR5-P294

dsquare1 d21 openvas18 ubuntu1 nessus6 prion1 github1 ubuntucve1 cve1 debiancve1 securityvulns2 gentoo1 fedora1 debian3 osv3