NotCVE - vendor:"Moshe Weitzman" product:"Og Vocab"

2 results (0.003 seconds)

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

CVE-2009-4528

https://notcve.org/view.php?id=CVE-2009-4528

The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for Drupal allows remote authenticated group members to bypass intended access restrictions, and create, modify, or read a vocabulary, via unspecified vectors. El módulo Organic Groups (OG)Vocabulary v6.x anterior a v6.x-1.0 para Drupal, permite a grupos miembros de usuarios autenticados remotamente evitar las restricciones de acceso establecidas, creando, modificando o leyendo palabras de su elección a través de vectores no especificados. • http://drupal.org/node/604354 http://drupal.org/node/604514 http://osvdb.org/58947 http://secunia.com/advisories/37060 http://www.securityfocus.com/bid/36685 http://www.vupen.com/english/advisories/2009/2920 https://exchange.xforce.ibmcloud.com/vulnerabilities/53780 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2009-3786

https://notcve.org/view.php?id=CVE-2009-3786

Cross-site scripting (XSS) vulnerability in Organic Groups (OG) Vocabulary 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the group title. Vulnerabilidad de tipo cross-site scripting (XSS) en Organic Groups (OG) Vocabulary versiones 5.x anteriores a 5.x-1.1 y versiones 6.x anteriores a 6.x-1.1, un módulo para Drupal, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio del título group. • http://drupal.org/node/605094 http://drupal.org/node/610948 http://drupal.org/node/621960 http://drupal.org/node/623674 http://osvdb.org/59129 http://osvdb.org/59673 http://secunia.com/advisories/37125 http://secunia.com/advisories/37290 http://www.securityfocus.com/bid/36784 http://www.securityfocus.com/bid/36929 http://www.vupen.com/english/advisories/2009/3000 https://exchange.xforce.ibmcloud.com/vulnerabilities/53902 https://exchange.xforce.ibmcloud.com/vul • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •