7 results (0.004 seconds)

CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0

The Organic Groups (OG) module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access, which allows remote attackers to obtain sensitive information such as private group titles via a request through the Views module. El módulo 'Organic Groups' (OG) v6.x-2.x, antes de v6.x-2.3 para Drupal no restringe adecuadamente el acceso, lo que permite a atacantes remotos obtener información sensible, tales como títulos de los grupos privados a través de una solicitud a través del módulo de Vistas (Views). • http://drupal.org/node/1507328 http://drupal.org/node/1507446 http://osvdb.org/80678 http://secunia.com/advisories/48620 http://www.openwall.com/lists/oss-security/2012/04/07/1 http://www.securityfocus.com/bid/52799 https://exchange.xforce.ibmcloud.com/vulnerabilities/74526 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 2.1EPSS: 0%CPEs: 9EXPL: 1

Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related the group title. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en og.js en el módulo Organic Groups (OG) v6.x-2.x anteriores a v6.x-2.4 para Drupal, permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante vectores relacionados con el título del grupo. • http://drupal.org/node/1619736 http://drupal.org/node/1619810 http://drupalcode.org/project/og.git/commitdiff/d48fef5 http://secunia.com/advisories/49397 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.osvdb.org/82712 http://www.securityfocus.com/bid/53838 https://exchange.xforce.ibmcloud.com/vulnerabilities/76149 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 3%CPEs: 9EXPL: 1

The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact. La vista por defecto en el módulo Organic Groups (OG) v6.x-2.x anteriores a v6.x-2.4 para Drupal no comprueba de forma adecuada los permisos cuando todos los usuario tienen eliminado el permiso de acceso al contenido (access content), lo que permite a atacantes remotos evitar los restricciones y posiblemente tenga otros impactos no determinados. • http://drupal.org/node/1619736 http://drupal.org/node/1619810 http://drupalcode.org/project/og.git/commitdiff/1485708 http://secunia.com/advisories/49397 http://www.openwall.com/lists/oss-security/2012/06/14/3 http://www.osvdb.org/82728 http://www.securityfocus.com/bid/53838 https://exchange.xforce.ibmcloud.com/vulnerabilities/76150 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for Drupal allows remote authenticated group members to bypass intended access restrictions, and create, modify, or read a vocabulary, via unspecified vectors. El módulo Organic Groups (OG)Vocabulary v6.x anterior a v6.x-1.0 para Drupal, permite a grupos miembros de usuarios autenticados remotamente evitar las restricciones de acceso establecidas, creando, modificando o leyendo palabras de su elección a través de vectores no especificados. • http://drupal.org/node/604354 http://drupal.org/node/604514 http://osvdb.org/58947 http://secunia.com/advisories/37060 http://www.securityfocus.com/bid/36685 http://www.vupen.com/english/advisories/2009/2920 https://exchange.xforce.ibmcloud.com/vulnerabilities/53780 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Cross-site scripting (XSS) vulnerability in Organic Groups (OG) Vocabulary 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the group title. Vulnerabilidad de tipo cross-site scripting (XSS) en Organic Groups (OG) Vocabulary versiones 5.x anteriores a 5.x-1.1 y versiones 6.x anteriores a 6.x-1.1, un módulo para Drupal, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio del título group. • http://drupal.org/node/605094 http://drupal.org/node/610948 http://drupal.org/node/621960 http://drupal.org/node/623674 http://osvdb.org/59129 http://osvdb.org/59673 http://secunia.com/advisories/37125 http://secunia.com/advisories/37290 http://www.securityfocus.com/bid/36784 http://www.securityfocus.com/bid/36929 http://www.vupen.com/english/advisories/2009/3000 https://exchange.xforce.ibmcloud.com/vulnerabilities/53902 https://exchange.xforce.ibmcloud.com/vul • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •