4 matches found
CVE-2013-0317
Cross-site scripting XSS vulnerability in the Manager Change for Organic Groups ogmanagerchange module 7.x-2.x before 7.x-2.1 for Drupal might allow remote attackers to inject arbitrary web script or HTML via the username in the new manager autocomplete field...
CVE-2013-0317
CVE-2013-0317 is a cross-site scripting (XSS) vulnerability in the Drupal contributed module Manager Change for Organic Groups (og_manager_change) for 7.x-2.x, fixed in 7.x-2.1. The issue arises because the autocomplete field used to select a new manager did not properly filter usernames, allowin...
CVE-2013-0317
Cross-site scripting XSS vulnerability in the Manager Change for Organic Groups ogmanagerchange module 7.x-2.x before 7.x-2.1 for Drupal might allow remote attackers to inject arbitrary web script or HTML via the username in the new manager autocomplete field...
SA-CONTRIB-2013-015 - Manager Change for Organic Groups - Cross site scripting (XSS)
This module extends Organic Groups to allow the manager of a group to select a new manager for their group ie if they want to leave the group. The autocomplete field for selecting a new manager didn't properly filter usernames. The vulnerability is mitigated by the fact that Drupal's default...