Vulnerabilities (CVE)

Filtered by vendor Moshe Weitzman Subscribe
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-3800 2 Drupal, Moshe Weitzman 2 Drupal, Organic Groups 2024-11-21 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related the group title.
CVE-2012-2721 2 Drupal, Moshe Weitzman 2 Drupal, Organic Groups 2024-11-21 6.8 MEDIUM N/A
The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact.
CVE-2012-2081 2 Drupal, Moshe Weitzman 2 Drupal, Organic Groups 2024-11-21 5.0 MEDIUM N/A
The Organic Groups (OG) module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access, which allows remote attackers to obtain sensitive information such as private group titles via a request through the Views module.
CVE-2009-4528 2 Drupal, Moshe Weitzman 2 Drupal, Og Vocab 2024-11-21 6.5 MEDIUM N/A
The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for Drupal allows remote authenticated group members to bypass intended access restrictions, and create, modify, or read a vocabulary, via unspecified vectors.
CVE-2009-3786 2 Drupal, Moshe Weitzman 2 Drupal, Og Vocab 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Organic Groups (OG) Vocabulary 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the group title.
CVE-2009-3652 2 Drupal, Moshe Weitzman 2 Drupal, Organic Groups 2024-11-21 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in Organic Groups (OG) 5.x-7.x before 5.x-7.4, 5.x-8.x before 5.x-8.1, and 6.x-1.x before 6.x-1.4, a module for Drupal, allows remote authenticated users, with create or edit group nodes permissions, to inject arbitrary web script or HTML via the User-Agent HTTP header, a different issue than CVE-2008-3095.
CVE-2009-3435 2 Drupal, Moshe Weitzman 2 Drupal, Devel 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the variable editor in the Devel module 5.x before 5.x-1.2 and 6.x before 6.x-1.18, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a variable name.