CVE-2013-4228

The OG access fields visibility fields implementation in Organic Groups OG module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via...

CVE-2013-4228

CVE-2013-4228 affects the Drupal contributed module Organic Groups (OG) for 7.x-2.x prior to 7.x-2.3. The vulnerability arises from the OG access/visibility fields not properly restricting access to private groups, allowing remote authenticated users to guess node IDs, subscribe to, and read cont...

CVE-2013-7065

The CVE concerns the Drupal Organic Groups (OG) module for Drupal 7.x-2.x, specifically versions prior to 7.x-2.3. The vulnerability allows remote attackers to bypass access restrictions and post to arbitrary groups using the og_group_ref field, enabling group-wide content posting beyond intended...

CVE-2013-7065

The Organic Groups OG module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the oggroupref field...

CVE-2012-5539

The Drupal OG (Organic Groups) module for 7.x-1.x is vulnerable prior to 7.x-1.5. The flaw occurs in the handling of pending group memberships, allowing remote authenticated users to post to groups they are not properly authorized for by editing their own account while a pending membership is awa...

CVE-2012-2081

The CVE-2012-2081 issue concerns the Organic Groups (OG) module for Drupal (versions 6.x-2.x prior to 6.x-2.3). The root cause is that the module’s Views integration does not correctly filter information from private groups, allowing remote attackers to access sensitive data. Impact: disclosure o...

CVE-2012-2721

The CVE-2012-2721 issue affects the Organic Groups module for Drupal 6.x, specifically versions prior to 6.x-2.4. The vulnerability arises because the module’s default views do not properly enforce Drupal core permissions when all users have the 'access content' permission removed, enabling remot...

CVE-2012-3800

The vulnerability CVE-2012-3800 affects the Organic Groups module for Drupal (6.x-2.x) prior to 6.x-2.4 when used with the Vertical Tabs module. The issue is an XSS in og.js that allows remote authenticated users to inject arbitrary script or HTML via the group title. The Drupal security advisory...

CVE-2009-4063

The vulnerability CVE-2009-4063 affects Drupal’s Subgroups for Organic Groups (OG) module for Drupal 5.x. Specifically, versions before 5.x-4.0 and before 5.x-3.4 are vulnerable in OG’s handling of node titles, allowing remote attackers to inject arbitrary script/HTML via node titles (XSS). The a...

CVE-2008-3094

The CVE affects the Drupal Organic Groups (OG) module, specifically 5.x prior to 5.x-7.3 and 6.x prior to 6.x-1.0-RC1. The vulnerability enables remote attackers to disclose sensitive information (private group names) via unspecified vectors. The description does not detail a fixed patch or remed...

CVE-2008-3095

The CVE-2008-3095 entry concerns the Organic Groups (OG) module for Drupal. A cross-site scripting (XSS) vulnerability affects OG 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, allowing remote authenticated users with group owner permissions to inject arbitrary web script or HTML via unspecified ...