CVE-2008-1502
news
/
advisories
/
forum
/
software
/
advertising
/
search
/
exploits
[EN]
securityvulns.ru
no-pyccku
CVE
CVE-2008-1502
Status
Candidate
Description
The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in eGroupWare before 1.4.003 allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.
Phase
Assigned (25.03.2008)
SecurityVulns:
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
NVD:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1502
References
BID :
28424
CONFIRM :
http://www.egroupware.org/changelog
FRSIRT :
ADV-2008-0989
MISC :
http://www.egroupware.org/viewvc/branches/1.4/phpg...
SECUNIA :
29491
XF :
egroupware-badprotocolonce-security-bypass(41435)
About
|
Terms of use
|
Privacy Policy
©
SecurityVulns
,
3APA3A
, Vladimir Dubrovin
Enter your search terms
Web
securityvulns.com
Submit search form
