MidnightBSD

Advisories for moshe_weitzman

CVE-2012-2721 MEDIUM

The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
moshe_weitzman organic_groups 6.x-2.x
moshe_weitzman organic_groups 6.x-2.2
moshe_weitzman organic_groups 6.x-2.0
moshe_weitzman organic_groups 6.x-2.3
moshe_weitzman organic_groups 6.x-2.1
CVE-2012-3800 LOW

Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related the group title.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
moshe_weitzman organic_groups 6.x-2.x
moshe_weitzman organic_groups 6.x-2.2
moshe_weitzman organic_groups 6.x-2.0
moshe_weitzman organic_groups 6.x-2.3
moshe_weitzman organic_groups 6.x-2.1