Launchpad CVE tracker

CVE 2008-1502

The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.

Related bugs and status

CVE-2008-1502 (Candidate) is related to these bugs:

Bug #212211: [CVE-2008-1502] XSS

		In	Importance	Status
212211	[CVE-2008-1502] XSS	egroupware (Ubuntu)	Undecided	Fix Released
212211	[CVE-2008-1502] XSS	egroupware (Ubuntu Dapper)	Undecided	Won't Fix
212211	[CVE-2008-1502] XSS	egroupware (Ubuntu Edgy)	Undecided	Won't Fix
212211	[CVE-2008-1502] XSS	egroupware (Ubuntu Hardy)	Undecided	Fix Released
212211	[CVE-2008-1502] XSS	egroupware (Ubuntu Feisty)	Undecided	Won't Fix
212211	[CVE-2008-1502] XSS	egroupware (Ubuntu Gutsy)	Medium	Fix Released
212211	[CVE-2008-1502] XSS	egroupware (Debian)	Unknown	Fix Released
212211	[CVE-2008-1502] XSS	egroupware (Gentoo Linux)	Low	Fix Released

Bug #225662: [MASTER] package moodle failed to install/upgrade: grep: /etc/postgresql///pg_hba.conf: No such file or directory

Summary				In	Importance	Status
	225662	[MASTER] package moodle failed to install/upgrade: grep: /etc/postgresql///pg_hba.conf: No such file or directory		moodle (Ubuntu)	High	Fix Released

Bug #234609: Blank pages in Moodle after install - failed to install php5-mysql

Summary				In	Importance	Status
	234609	Blank pages in Moodle after install - failed to install php5-mysql		moodle (Ubuntu)	Medium	Fix Released

Bug #239481: Upgrade Moodle to 1.9.3

Summary				In	Importance	Status
	239481	Upgrade Moodle to 1.9.3		moodle (Ubuntu)	Wishlist	Fix Released

Bug #272221: Vulnerable version of Moodle (1.8.2)

		In	Importance	Status
272221	Vulnerable version of Moodle (1.8.2)	moodle (Ubuntu)	Medium	Fix Released
272221	Vulnerable version of Moodle (1.8.2)	moodle (Ubuntu Gutsy)	Medium	Fix Released
272221	Vulnerable version of Moodle (1.8.2)	moodle (Ubuntu Hardy)	Medium	Fix Released
272221	Vulnerable version of Moodle (1.8.2)	moodle (Ubuntu Intrepid)	Medium	Fix Released

Bug #303078: attempting to re-enter mismatched new password when installing moodle database with apache in ubuntu server

Summary				In	Importance	Status
	303078	attempting to re-enter mismatched new password when installing moodle database with apache in ubuntu server		moodle (Ubuntu)	Undecided	Fix Released

Bug #322961: merge moodle 1.8.2.dfsg-3

Summary				In	Importance	Status
	322961	merge moodle 1.8.2.dfsg-3		moodle (Ubuntu)	High	Fix Released
	322961	merge moodle 1.8.2.dfsg-3		moodle (Ubuntu Jaunty)	High	Fix Released

Bug #325450: package moodle 1.8.2-1ubuntu4.1 failed to uninstall after failing to install

Summary				In	Importance	Status
	325450	package moodle 1.8.2-1ubuntu4.1 failed to uninstall after failing to install		moodle (Ubuntu)	Undecided	Fix Released

Bug #327843: Strange default MySQL administrator username (postgres) during install

Summary				In	Importance	Status
	327843	Strange default MySQL administrator username (postgres) during install		moodle (Ubuntu)	Undecided	Fix Released

Bug #334611: Feature Freeze Exception: moodle 1.9.4-0ubuntu1

Summary				In	Importance	Status
	334611	Feature Freeze Exception: moodle 1.9.4-0ubuntu1		moodle (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2008-1502

References