RSS   Vulnerabilities for 'Organic groups'   RSS

2012-12-03
 
CVE-2012-5539

CWE-264
 
 
The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved.

 
2012-08-14
 
CVE-2012-2081

CWE-264
 
 
The Organic Groups (OG) module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access, which allows remote attackers to obtain sensitive information such as private group titles via a request through the Views module.

 
2012-06-26
 
CVE-2012-3800

CWE-79
 
 
Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related the group title.

 
 
CVE-2012-2721

CWE-264
 
 
The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact.

 
2009-10-09
 
CVE-2009-3652

CWE-79
 
 
Cross-site scripting (XSS) vulnerability in Organic Groups (OG) 5.x-7.x before 5.x-7.4, 5.x-8.x before 5.x-8.1, and 6.x-1.x before 6.x-1.4, a module for Drupal, allows remote authenticated users, with create or edit group nodes permissions, to inject arbitrary web script or HTML via the User-Agent HTTP header, a different issue than CVE-2008-3095.

 

 >>> Vendor: Moshe weitzman 3 Products
Devel
Organic groups
Og vocab

Copyright 2024, cxsecurity.com

 

Back to Top