CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2012-2081
https://notcve.org/view.php?id=CVE-2012-2081
14 Aug 2012 — The Organic Groups (OG) module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access, which allows remote attackers to obtain sensitive information such as private group titles via a request through the Views module. El módulo 'Organic Groups' (OG) v6.x-2.x, antes de v6.x-2.3 para Drupal no restringe adecuadamente el acceso, lo que permite a atacantes remotos obtener información sensible, tales como títulos de los grupos privados a través de una solicitud a través del módulo de Vistas (Views). • http://drupal.org/node/1507328 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 1CVE-2012-3800
https://notcve.org/view.php?id=CVE-2012-3800
27 Jun 2012 — Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related the group title. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en og.js en el módulo Organic Groups (OG) v6.x-2.x anteriores a v6.x-2.4 para Drupal, permite a atacantes remotos inyectar secuencias de comandos web o HTML median... • http://drupal.org/node/1619736 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 9EXPL: 1CVE-2012-2721
https://notcve.org/view.php?id=CVE-2012-2721
27 Jun 2012 — The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact. La vista por defecto en el módulo Organic Groups (OG) v6.x-2.x anteriores a v6.x-2.4 para Drupal no comprueba de forma adecuada los permisos cuando todos los usuario tienen eliminado el permiso de acceso al contenido (access co... • http://drupal.org/node/1619736 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2009-4528
https://notcve.org/view.php?id=CVE-2009-4528
31 Dec 2009 — The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for Drupal allows remote authenticated group members to bypass intended access restrictions, and create, modify, or read a vocabulary, via unspecified vectors. El módulo Organic Groups (OG)Vocabulary v6.x anterior a v6.x-1.0 para Drupal, permite a grupos miembros de usuarios autenticados remotamente evitar las restricciones de acceso establecidas, creando, modificando o leyendo palabras de su elección a través de vectores no especificados. • http://drupal.org/node/604354 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2009-3786
https://notcve.org/view.php?id=CVE-2009-3786
26 Oct 2009 — Cross-site scripting (XSS) vulnerability in Organic Groups (OG) Vocabulary 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the group title. Vulnerabilidad de tipo cross-site scripting (XSS) en Organic Groups (OG) Vocabulary versiones 5.x anteriores a 5.x-1.1 y versiones 6.x anteriores a 6.x-1.1, un módulo para Drupal, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio del título group. • http://drupal.org/node/605094 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 25EXPL: 0CVE-2009-3652
https://notcve.org/view.php?id=CVE-2009-3652
09 Oct 2009 — Cross-site scripting (XSS) vulnerability in Organic Groups (OG) 5.x-7.x before 5.x-7.4, 5.x-8.x before 5.x-8.1, and 6.x-1.x before 6.x-1.4, a module for Drupal, allows remote authenticated users, with create or edit group nodes permissions, to inject arbitrary web script or HTML via the User-Agent HTTP header, a different issue than CVE-2008-3095. Una vulnerabilidad de Ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo de Drupal "Organic Groups (OG)" en sus versiones v5.x-7.x antes de... • http://drupal.org/node/592358 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 27EXPL: 0CVE-2009-3435
https://notcve.org/view.php?id=CVE-2009-3435
28 Sep 2009 — Cross-site scripting (XSS) vulnerability in the variable editor in the Devel module 5.x before 5.x-1.2 and 6.x before 6.x-1.18, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a variable name. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el editor de variables del módulo Devel de Dupral en versiones del módulo v5.x en versiones anteriores a la v5.x-1.2 y v6.x en versiones anteriores a la v6.x-1.18. Permite a usuarios remotos inyectar codigo de ... • http://drupal.org/node/585952 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •