Description
The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.
Remediation
References