VYPR

Organic Groups

by Drupal

CVEs (6)

  • CVE-2013-7068Apr 29, 2014
    risk 0.00cvss epss 0.01

    The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field.

  • CVE-2013-7065Apr 29, 2014
    risk 0.00cvss epss 0.01

    The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field.

  • CVE-2012-5539Dec 3, 2012
    risk 0.00cvss epss 0.01

    The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved.

  • CVE-2012-2081Aug 14, 2012
    risk 0.00cvss epss 0.02

    The Organic Groups (OG) module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access, which allows remote attackers to obtain sensitive information such as private group titles via a request through the Views module.

  • CVE-2009-3652Oct 9, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Organic Groups (OG) 5.x-7.x before 5.x-7.4, 5.x-8.x before 5.x-8.1, and 6.x-1.x before 6.x-1.4, a module for Drupal, allows remote authenticated users, with create or edit group nodes permissions, to inject arbitrary web script or HTML…

  • CVE-2008-3095Jul 9, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote authenticated users, with group owner permissions, to inject arbitrary web script or HTML via unspecified vectors.