Vulnerabilities > Moshe Weitzman > Organic Groups > 6.x.2.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-06-27 | CVE-2012-3800 | Cross-Site Scripting vulnerability in Moshe Weitzman Organic Groups Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related the group title. | 2.1 |
2012-06-27 | CVE-2012-2721 | Permissions, Privileges, and Access Controls vulnerability in Moshe Weitzman Organic Groups The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact. | 6.8 |