All the vulnerabilites related to moshe_weitzman - organic_groups
Vulnerability from fkie_nvd
Published
2009-10-09 14:30
Modified
2024-11-21 01:07
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Organic Groups (OG) 5.x-7.x before 5.x-7.4, 5.x-8.x before 5.x-8.1, and 6.x-1.x before 6.x-1.4, a module for Drupal, allows remote authenticated users, with create or edit group nodes permissions, to inject arbitrary web script or HTML via the User-Agent HTTP header, a different issue than CVE-2008-3095.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:5.x-7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B90F1F5A-AE01-477D-9C26-F6F1300651D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:5.x-7.0-rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "F769B727-9FEE-4B57-ACAC-CA4C86D118C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:5.x-7.0-rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "41151443-9846-4961-A255-A8E602BD8577",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:5.x-7.0-rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "256EDA03-31F0-4AFC-91C6-3E4B7951C394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:5.x-7.0-rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "BD8CD09A-A0C9-4375-AD57-775EC42742CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:5.x-7.0-rc5:*:*:*:*:*:*:*",
"matchCriteriaId": "3A19B1B9-1A0C-41D4-9511-AA77A37C87D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:5.x-7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF1411A6-18E7-4E10-B8A2-E3691654DFED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:5.x-7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "91FF0124-BB8D-47C3-A0D9-93EC49808F41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:5.x-7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF6197F-1411-47CE-81AF-B14994205DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:5.x-8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "878827FB-3379-4685-977E-DCB0110E6229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C30366D-E552-47BA-BE65-592CCDAFFD3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-1.0-beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "75EC00B9-8722-4361-9757-FC90E91C09BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-1.0-rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "7523E3F8-571C-4CC7-96A9-A4A7323B3EAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-1.0-rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "CEE30251-B0EA-4A32-BBD3-39FD0F6DDB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-1.0-rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "6BFD1AA9-A5F0-4373-9020-E69324224664",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-1.0-rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "2B067F9C-0C3A-4704-915C-69AE6F7705B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-1.0-rc5:*:*:*:*:*:*:*",
"matchCriteriaId": "BCE71C59-7C3D-488B-B497-2C8C99FFE750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-1.0-rc6:*:*:*:*:*:*:*",
"matchCriteriaId": "F7D58CC3-38E9-48D0-B0DD-49B7A3B3F7B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-1.0-rc7:*:*:*:*:*:*:*",
"matchCriteriaId": "6829D3FA-E07F-4541-8555-F5D7070519B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-1.0-rc8:*:*:*:*:*:*:*",
"matchCriteriaId": "FA7E15C8-6406-48C6-BAD4-EE999D62375E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-1.0-rc9:*:*:*:*:*:*:*",
"matchCriteriaId": "8565EBF3-3524-4B02-8445-A55A0C24ABE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "24763B2D-97C2-4C05-B51E-B674D00D745F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "074960A4-8356-419F-87AF-68FA413F1A25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "99A24FF3-0E21-4BE8-81E6-3A830275652F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Organic Groups (OG) 5.x-7.x before 5.x-7.4, 5.x-8.x before 5.x-8.1, and 6.x-1.x before 6.x-1.4, a module for Drupal, allows remote authenticated users, with create or edit group nodes permissions, to inject arbitrary web script or HTML via the User-Agent HTTP header, a different issue than CVE-2008-3095."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el m\u00f3dulo de Drupal \"Organic Groups (OG)\" en sus versiones v5.x-7.x antes de v5.x-7.4, v5.x-8.x antes de v5.x-8.1, y v6.x-1.x antes de v6.x-1.4, permite inyectar HTML o scripts web a usuarios remotos autenticados, con el permiso \"crear o editar nodos de grupo\", a trav\u00e9s de la cabecera HTTP User-Agent. Se trata de un problema diferente al de CVE-2008-3095."
}
],
"id": "CVE-2009-3652",
"lastModified": "2024-11-21T01:07:53.937",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-10-09T14:30:00.530",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/592358"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/592410"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/592412"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/592414"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/58445"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36923"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/36558"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/592358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/592410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/592412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/592414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/58445"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/36558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53570"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-06-27 00:55
Modified
2024-11-21 01:39
Severity ?
Summary
The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moshe_weitzman | organic_groups | 6.x-2.0 | |
| moshe_weitzman | organic_groups | 6.x-2.0 | |
| moshe_weitzman | organic_groups | 6.x-2.0 | |
| moshe_weitzman | organic_groups | 6.x-2.0 | |
| moshe_weitzman | organic_groups | 6.x-2.1 | |
| moshe_weitzman | organic_groups | 6.x-2.2 | |
| moshe_weitzman | organic_groups | 6.x-2.3 | |
| moshe_weitzman | organic_groups | 6.x-2.x | |
| drupal | drupal | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "586989FC-FB44-4DF8-9ABB-9FE1BC9FC8FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F75F245C-CDC2-436A-94A4-3FDBC175CF5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AD6163A1-1793-4261-ADE5-58F0A0AC5036",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "61903138-CF7F-46EA-A3E1-DC0C324ACACA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "51E76179-60A8-4957-9A28-F28560874E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25FD5736-4C27-47E9-A540-C06CD998A344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D84F1641-CE86-4B96-9B28-77D70DDB3C27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.x:dev:*:*:*:*:*:*",
"matchCriteriaId": "461DF120-E96F-448F-ADA6-A87FA93FA69D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the \"access content\" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact."
},
{
"lang": "es",
"value": "La vista por defecto en el m\u00f3dulo Organic Groups (OG) v6.x-2.x anteriores a v6.x-2.4 para Drupal no comprueba de forma adecuada los permisos cuando todos los usuario tienen eliminado el permiso de acceso al contenido (access content), lo que permite a atacantes remotos evitar los restricciones y posiblemente tenga otros impactos no determinados."
}
],
"id": "CVE-2012-2721",
"lastModified": "2024-11-21T01:39:30.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-06-27T00:55:04.957",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/1619736"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/1619810"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://drupalcode.org/project/og.git/commitdiff/1485708"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49397"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/82728"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/53838"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/1619736"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/1619810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://drupalcode.org/project/og.git/commitdiff/1485708"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49397"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/82728"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/53838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76150"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-14 23:55
Modified
2024-11-21 01:38
Severity ?
Summary
The Organic Groups (OG) module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access, which allows remote attackers to obtain sensitive information such as private group titles via a request through the Views module.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moshe_weitzman | organic_groups | 6.x-2.0 | |
| moshe_weitzman | organic_groups | 6.x-2.0 | |
| moshe_weitzman | organic_groups | 6.x-2.0 | |
| moshe_weitzman | organic_groups | 6.x-2.0 | |
| moshe_weitzman | organic_groups | 6.x-2.1 | |
| moshe_weitzman | organic_groups | 6.x-2.2 | |
| moshe_weitzman | organic_groups | 6.x-2.x | |
| drupal | drupal | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "586989FC-FB44-4DF8-9ABB-9FE1BC9FC8FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F75F245C-CDC2-436A-94A4-3FDBC175CF5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AD6163A1-1793-4261-ADE5-58F0A0AC5036",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "61903138-CF7F-46EA-A3E1-DC0C324ACACA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "51E76179-60A8-4957-9A28-F28560874E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25FD5736-4C27-47E9-A540-C06CD998A344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.x:dev:*:*:*:*:*:*",
"matchCriteriaId": "461DF120-E96F-448F-ADA6-A87FA93FA69D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Organic Groups (OG) module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access, which allows remote attackers to obtain sensitive information such as private group titles via a request through the Views module."
},
{
"lang": "es",
"value": "El m\u00f3dulo \u0027Organic Groups\u0027 (OG) v6.x-2.x, antes de v6.x-2.3 para Drupal no restringe adecuadamente el acceso, lo que permite a atacantes remotos obtener informaci\u00f3n sensible, tales como t\u00edtulos de los grupos privados a trav\u00e9s de una solicitud a trav\u00e9s del m\u00f3dulo de Vistas (Views).\r\n"
}
],
"id": "CVE-2012-2081",
"lastModified": "2024-11-21T01:38:27.247",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-14T23:55:01.767",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://drupal.org/node/1507328"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/1507446"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/80678"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48620"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/52799"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74526"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://drupal.org/node/1507328"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/1507446"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/80678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/48620"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/52799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74526"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-06-27 00:55
Modified
2024-11-21 01:41
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related the group title.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moshe_weitzman | organic_groups | 6.x-2.0 | |
| moshe_weitzman | organic_groups | 6.x-2.0 | |
| moshe_weitzman | organic_groups | 6.x-2.0 | |
| moshe_weitzman | organic_groups | 6.x-2.0 | |
| moshe_weitzman | organic_groups | 6.x-2.1 | |
| moshe_weitzman | organic_groups | 6.x-2.2 | |
| moshe_weitzman | organic_groups | 6.x-2.3 | |
| moshe_weitzman | organic_groups | 6.x-2.x | |
| drupal | drupal | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "586989FC-FB44-4DF8-9ABB-9FE1BC9FC8FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F75F245C-CDC2-436A-94A4-3FDBC175CF5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "AD6163A1-1793-4261-ADE5-58F0A0AC5036",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "61903138-CF7F-46EA-A3E1-DC0C324ACACA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "51E76179-60A8-4957-9A28-F28560874E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25FD5736-4C27-47E9-A540-C06CD998A344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D84F1641-CE86-4B96-9B28-77D70DDB3C27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moshe_weitzman:organic_groups:6.x-2.x:dev:*:*:*:*:*:*",
"matchCriteriaId": "461DF120-E96F-448F-ADA6-A87FA93FA69D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:drupal:drupal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B1170D-AD33-4C7A-892D-63AC71B032CF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related the group title."
},
{
"lang": "es",
"value": "vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en og.js en el m\u00f3dulo Organic Groups (OG) v6.x-2.x anteriores a v6.x-2.4 para Drupal, permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante vectores relacionados con el t\u00edtulo del grupo.\r\n\r\n"
}
],
"id": "CVE-2012-3800",
"lastModified": "2024-11-21T01:41:38.903",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-06-27T00:55:06.707",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/1619736"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/1619810"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://drupalcode.org/project/og.git/commitdiff/d48fef5"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49397"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/82712"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/53838"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://drupal.org/node/1619736"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://drupal.org/node/1619810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://drupalcode.org/project/og.git/commitdiff/d48fef5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49397"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/82712"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/53838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76149"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2012-3800
Vulnerability from cvelistv5
Published
2012-06-27 00:00
Modified
2024-08-06 20:21
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related the group title.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/53838 | vdb-entry, x_refsource_BID | |
| http://drupal.org/node/1619736 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/76149 | vdb-entry, x_refsource_XF | |
| http://www.openwall.com/lists/oss-security/2012/06/14/3 | mailing-list, x_refsource_MLIST | |
| http://www.osvdb.org/82712 | vdb-entry, x_refsource_OSVDB | |
| http://drupalcode.org/project/og.git/commitdiff/d48fef5 | x_refsource_CONFIRM | |
| http://drupal.org/node/1619810 | x_refsource_MISC | |
| http://secunia.com/advisories/49397 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:21:02.281Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "53838",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53838"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1619736"
},
{
"name": "organicgroups-unspecified-xss(76149)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76149"
},
{
"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"name": "82712",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/82712"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/og.git/commitdiff/d48fef5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1619810"
},
{
"name": "49397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49397"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related the group title."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "53838",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53838"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1619736"
},
{
"name": "organicgroups-unspecified-xss(76149)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76149"
},
{
"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"name": "82712",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/82712"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/og.git/commitdiff/d48fef5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1619810"
},
{
"name": "49397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49397"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related the group title."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53838",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53838"
},
{
"name": "http://drupal.org/node/1619736",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1619736"
},
{
"name": "organicgroups-unspecified-xss(76149)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76149"
},
{
"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"name": "82712",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/82712"
},
{
"name": "http://drupalcode.org/project/og.git/commitdiff/d48fef5",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/og.git/commitdiff/d48fef5"
},
{
"name": "http://drupal.org/node/1619810",
"refsource": "MISC",
"url": "http://drupal.org/node/1619810"
},
{
"name": "49397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49397"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-3800",
"datePublished": "2012-06-27T00:00:00",
"dateReserved": "2012-06-26T00:00:00",
"dateUpdated": "2024-08-06T20:21:02.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2721
Vulnerability from cvelistv5
Published
2012-06-27 00:00
Modified
2024-08-06 19:42
Severity ?
EPSS score ?
Summary
The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/53838 | vdb-entry, x_refsource_BID | |
| http://drupal.org/node/1619736 | x_refsource_CONFIRM | |
| http://www.osvdb.org/82728 | vdb-entry, x_refsource_OSVDB | |
| http://www.openwall.com/lists/oss-security/2012/06/14/3 | mailing-list, x_refsource_MLIST | |
| http://drupalcode.org/project/og.git/commitdiff/1485708 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/76150 | vdb-entry, x_refsource_XF | |
| http://drupal.org/node/1619810 | x_refsource_MISC | |
| http://secunia.com/advisories/49397 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:32.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "53838",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/53838"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1619736"
},
{
"name": "82728",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/82728"
},
{
"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupalcode.org/project/og.git/commitdiff/1485708"
},
{
"name": "organicgroups-permission-security-bypass(76150)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76150"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1619810"
},
{
"name": "49397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49397"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the \"access content\" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "53838",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/53838"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1619736"
},
{
"name": "82728",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/82728"
},
{
"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupalcode.org/project/og.git/commitdiff/1485708"
},
{
"name": "organicgroups-permission-security-bypass(76150)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76150"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1619810"
},
{
"name": "49397",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49397"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the \"access content\" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53838",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53838"
},
{
"name": "http://drupal.org/node/1619736",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1619736"
},
{
"name": "82728",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/82728"
},
{
"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"name": "http://drupalcode.org/project/og.git/commitdiff/1485708",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/og.git/commitdiff/1485708"
},
{
"name": "organicgroups-permission-security-bypass(76150)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76150"
},
{
"name": "http://drupal.org/node/1619810",
"refsource": "MISC",
"url": "http://drupal.org/node/1619810"
},
{
"name": "49397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49397"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2721",
"datePublished": "2012-06-27T00:00:00",
"dateReserved": "2012-05-14T00:00:00",
"dateUpdated": "2024-08-06T19:42:32.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3652
Vulnerability from cvelistv5
Published
2009-10-09 14:18
Modified
2024-08-07 06:38
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Organic Groups (OG) 5.x-7.x before 5.x-7.4, 5.x-8.x before 5.x-8.1, and 6.x-1.x before 6.x-1.4, a module for Drupal, allows remote authenticated users, with create or edit group nodes permissions, to inject arbitrary web script or HTML via the User-Agent HTTP header, a different issue than CVE-2008-3095.
References
| ▼ | URL | Tags |
|---|---|---|
| http://drupal.org/node/592410 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/53570 | vdb-entry, x_refsource_XF | |
| http://drupal.org/node/592412 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/36923 | third-party-advisory, x_refsource_SECUNIA | |
| http://drupal.org/node/592414 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/36558 | vdb-entry, x_refsource_BID | |
| http://drupal.org/node/592358 | x_refsource_CONFIRM | |
| http://osvdb.org/58445 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:38:29.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/592410"
},
{
"name": "organicgroups-newgroups-xss(53570)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53570"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/592412"
},
{
"name": "36923",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36923"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/592414"
},
{
"name": "36558",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36558"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/592358"
},
{
"name": "58445",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/58445"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Organic Groups (OG) 5.x-7.x before 5.x-7.4, 5.x-8.x before 5.x-8.1, and 6.x-1.x before 6.x-1.4, a module for Drupal, allows remote authenticated users, with create or edit group nodes permissions, to inject arbitrary web script or HTML via the User-Agent HTTP header, a different issue than CVE-2008-3095."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/592410"
},
{
"name": "organicgroups-newgroups-xss(53570)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53570"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/592412"
},
{
"name": "36923",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36923"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/592414"
},
{
"name": "36558",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36558"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/592358"
},
{
"name": "58445",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/58445"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3652",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Organic Groups (OG) 5.x-7.x before 5.x-7.4, 5.x-8.x before 5.x-8.1, and 6.x-1.x before 6.x-1.4, a module for Drupal, allows remote authenticated users, with create or edit group nodes permissions, to inject arbitrary web script or HTML via the User-Agent HTTP header, a different issue than CVE-2008-3095."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/592410",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/592410"
},
{
"name": "organicgroups-newgroups-xss(53570)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53570"
},
{
"name": "http://drupal.org/node/592412",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/592412"
},
{
"name": "36923",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36923"
},
{
"name": "http://drupal.org/node/592414",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/592414"
},
{
"name": "36558",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36558"
},
{
"name": "http://drupal.org/node/592358",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/592358"
},
{
"name": "58445",
"refsource": "OSVDB",
"url": "http://osvdb.org/58445"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3652",
"datePublished": "2009-10-09T14:18:00",
"dateReserved": "2009-10-09T00:00:00",
"dateUpdated": "2024-08-07T06:38:29.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2081
Vulnerability from cvelistv5
Published
2012-08-14 23:00
Modified
2024-08-06 19:17
Severity ?
EPSS score ?
Summary
The Organic Groups (OG) module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access, which allows remote attackers to obtain sensitive information such as private group titles via a request through the Views module.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/48620 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.openwall.com/lists/oss-security/2012/04/07/1 | mailing-list, x_refsource_MLIST | |
| http://osvdb.org/80678 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/74526 | vdb-entry, x_refsource_XF | |
| http://drupal.org/node/1507446 | x_refsource_MISC | |
| http://drupal.org/node/1507328 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/52799 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:17:27.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "48620",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48620"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "80678",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/80678"
},
{
"name": "drupal-organic-views-security-bypass(74526)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74526"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://drupal.org/node/1507446"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://drupal.org/node/1507328"
},
{
"name": "52799",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52799"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Organic Groups (OG) module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access, which allows remote attackers to obtain sensitive information such as private group titles via a request through the Views module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "48620",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48620"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "80678",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/80678"
},
{
"name": "drupal-organic-views-security-bypass(74526)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74526"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://drupal.org/node/1507446"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://drupal.org/node/1507328"
},
{
"name": "52799",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52799"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Organic Groups (OG) module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access, which allows remote attackers to obtain sensitive information such as private group titles via a request through the Views module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48620",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48620"
},
{
"name": "[oss-security] 20120406 CVE\u0027s for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "80678",
"refsource": "OSVDB",
"url": "http://osvdb.org/80678"
},
{
"name": "drupal-organic-views-security-bypass(74526)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74526"
},
{
"name": "http://drupal.org/node/1507446",
"refsource": "MISC",
"url": "http://drupal.org/node/1507446"
},
{
"name": "http://drupal.org/node/1507328",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1507328"
},
{
"name": "52799",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52799"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2081",
"datePublished": "2012-08-14T23:00:00",
"dateReserved": "2012-04-04T00:00:00",
"dateUpdated": "2024-08-06T19:17:27.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}