Lucene search

[email protected]CVE-2008-3095

HistoryJul 09, 2008 - 7:33 p.m.

CVE-2008-3095

2008-07-0919:33:00

CWE-79

[email protected]

web.nvd.nist.gov

cve

2008

3095

cross-site scripting

xss

vulnerability

organic groups

og module

drupal

nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.3%

JSON

Cross-site scripting (XSS) vulnerability in the Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote authenticated users, with group owner permissions, to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

NVD

Node

drupalorganic_groups_moduleMatch5

drupalorganic_groups_moduleMatch6

CPENameOperatorVersion
drupal:organic_groups_moduledrupal organic groups moduleeq5
drupal:organic_groups_moduledrupal organic groups moduleeq6

CPE	Name	Operator	Version
drupal:organic_groups_module	drupal organic groups module	eq	5
drupal:organic_groups_module	drupal organic groups module	eq	6

References

drupal.org/node/277873

secunia.com/advisories/30928

www.securityfocus.com/bid/30070

exchange.xforce.ibmcloud.com/vulnerabilities/43572

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.3%

JSON

Related for CVE-2008-3095

prion2 cvelist2 nvd2 cve1