1 results (0.015 seconds)

CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting (XSS) vulnerability in the Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote authenticated users, with group owner permissions, to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo Organic Groups (OG) 5.x versiones anteriores a 5.x-7.3 y 6.x versiones anteriores a 6.x-1.0-RC1, un módulo para Drupal, permite a usuarios autenticados remotos, con permisos de propietario de grupo, inyectar web script o HTML de su elección a través de vectores no especificados. • http://drupal.org/node/277873 http://secunia.com/advisories/30928 http://www.securityfocus.com/bid/30070 https://exchange.xforce.ibmcloud.com/vulnerabilities/43572 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •