3 matches found
SA-CONTRIB-2013-097 - OG Features - Access bypass
This module enables you to enable and disable bundles of functionality for individual Organic groups. In order to provide this functionality, this module must override all menu callbacks available in the system, in order to delegate access based on the current Organic group you are contextually i...
SA-CONTRIB-2011-047 - OG Features access bypass
OG Features provides a mechanism for groups to enable or disable certain bundles of functionality, of features, within the groups they administer. The module is able to turn components on and off within given groups by overriding the access callbacks of every menu item, and checking conditions...
SA-CONTRIB 2010-075 - Tagging - Cross Site Scripting
The Tagging module provides an alternative input widget and other features for taxonomy terms. The module does not properly escape user-provided content submitted to free-tagging vocabularies displayed on node previews, leading to a Cross Site Scripting XSS vulnerability. Any user with permission...