CVE-2009-4528
https://notcve.org/view.php?id=CVE-2009-4528
The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for Drupal allows remote authenticated group members to bypass intended access restrictions, and create, modify, or read a vocabulary, via unspecified vectors. El módulo Organic Groups (OG)Vocabulary v6.x anterior a v6.x-1.0 para Drupal, permite a grupos miembros de usuarios autenticados remotamente evitar las restricciones de acceso establecidas, creando, modificando o leyendo palabras de su elección a través de vectores no especificados. • http://drupal.org/node/604354 http://drupal.org/node/604514 http://osvdb.org/58947 http://secunia.com/advisories/37060 http://www.securityfocus.com/bid/36685 http://www.vupen.com/english/advisories/2009/2920 https://exchange.xforce.ibmcloud.com/vulnerabilities/53780 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2009-3786
https://notcve.org/view.php?id=CVE-2009-3786
Cross-site scripting (XSS) vulnerability in Organic Groups (OG) Vocabulary 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the group title. Vulnerabilidad de tipo cross-site scripting (XSS) en Organic Groups (OG) Vocabulary versiones 5.x anteriores a 5.x-1.1 y versiones 6.x anteriores a 6.x-1.1, un módulo para Drupal, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio del título group. • http://drupal.org/node/605094 http://drupal.org/node/610948 http://drupal.org/node/621960 http://drupal.org/node/623674 http://osvdb.org/59129 http://osvdb.org/59673 http://secunia.com/advisories/37125 http://secunia.com/advisories/37290 http://www.securityfocus.com/bid/36784 http://www.securityfocus.com/bid/36929 http://www.vupen.com/english/advisories/2009/3000 https://exchange.xforce.ibmcloud.com/vulnerabilities/53902 https://exchange.xforce.ibmcloud.com/vul • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •