Moshe Weitzman: >> Organic Groups >> 6.x-2.3 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related the group title.
CVSS Score
2.1
EPSS Score
0.004
Published
2012-06-27
The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact.
CVSS Score
6.8
EPSS Score
0.002
Published
2012-06-27