CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2012-2081
https://notcve.org/view.php?id=CVE-2012-2081
14 Aug 2012 — The Organic Groups (OG) module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access, which allows remote attackers to obtain sensitive information such as private group titles via a request through the Views module. El módulo 'Organic Groups' (OG) v6.x-2.x, antes de v6.x-2.3 para Drupal no restringe adecuadamente el acceso, lo que permite a atacantes remotos obtener información sensible, tales como títulos de los grupos privados a través de una solicitud a través del módulo de Vistas (Views). • http://drupal.org/node/1507328 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 1CVE-2012-3800
https://notcve.org/view.php?id=CVE-2012-3800
27 Jun 2012 — Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related the group title. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en og.js en el módulo Organic Groups (OG) v6.x-2.x anteriores a v6.x-2.4 para Drupal, permite a atacantes remotos inyectar secuencias de comandos web o HTML median... • http://drupal.org/node/1619736 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 9EXPL: 1CVE-2012-2721
https://notcve.org/view.php?id=CVE-2012-2721
27 Jun 2012 — The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact. La vista por defecto en el módulo Organic Groups (OG) v6.x-2.x anteriores a v6.x-2.4 para Drupal no comprueba de forma adecuada los permisos cuando todos los usuario tienen eliminado el permiso de acceso al contenido (access co... • http://drupal.org/node/1619736 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.4EPSS: 0%CPEs: 25EXPL: 0CVE-2009-3652
https://notcve.org/view.php?id=CVE-2009-3652
09 Oct 2009 — Cross-site scripting (XSS) vulnerability in Organic Groups (OG) 5.x-7.x before 5.x-7.4, 5.x-8.x before 5.x-8.1, and 6.x-1.x before 6.x-1.4, a module for Drupal, allows remote authenticated users, with create or edit group nodes permissions, to inject arbitrary web script or HTML via the User-Agent HTTP header, a different issue than CVE-2008-3095. Una vulnerabilidad de Ejecución de secuencias de comandos en sitios cruzados (XSS) en el módulo de Drupal "Organic Groups (OG)" en sus versiones v5.x-7.x antes de... • http://drupal.org/node/592358 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •