Dww

Researcher fromDrupal Security Team
#18436of 53,624
14.6Total CVSS
Vulnerabilities · 3
Low
1
Medium
2
PT-2009-5924
3.5
2009-10-09
Drupal · Organic Groups · CVE-2009-3652
**Name of the Vulnerable Software and Affected Versions** Organic Groups (OG) versions 5.x-7.x before 5.x-7.4 Organic Groups (OG) versions 5.x-8.x before 5.x-8.1 Organic Groups (OG) versions 6.x-1.x before 6.x-1.4 **Description** A cross-site scripting (XSS) issue allows remote authenticated users with create or edit group nodes permissions to inject arbitrary web script or HTML via the User-Agent HTTP header. **Recommendations** For Organic Groups (OG) versions 5.x-7.x before 5.x-7.4, update to version 5.x-7.4 or later. For Organic Groups (OG) versions 5.x-8.x before 5.x-8.1, update to version 5.x-8.1 or later. For Organic Groups (OG) versions 6.x-1.x before 6.x-1.4, update to version 6.x-1.4 or later.
PT-2009-3222
4.3
2009-02-13
Drupal · Views Bulk Operations · CVE-2009-0575
**Name of the Vulnerable Software and Affected Versions** Views Bulk Operations versions 5.x before 5.x-1.3 Views Bulk Operations versions 6.x before 6.x-1.4 **Description** A cross-site scripting issue exists in the theme views bulk operations confirmation function within the views bulk operations.module, allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors related to node titles. **Recommendations** For Views Bulk Operations versions 5.x before 5.x-1.3, update to version 5.x-1.3 or later. For Views Bulk Operations versions 6.x before 6.x-1.4, update to version 6.x-1.4 or later.
PT-2006-7248
6.8
2006-12-20
Drupal · Drupal · CVE-2006-6646
**Name of the Vulnerable Software and Affected Versions** Drupal Project Issue Tracking versions 4.7.x-1.0 through 4.7.x-2.0 Drupal Project versions 4.6.x-1.0, 4.7.x-1.0, 4.7.x-2.0 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via unspecified `parameters`. This is possible because the `check plain` function is not used. **Recommendations** For Drupal Project Issue Tracking versions 4.7.x-1.0 through 4.7.x-2.0, update to ensure the `check plain` function is utilized for all parameters. For Drupal Project versions 4.6.x-1.0, 4.7.x-1.0, 4.7.x-2.0, apply the same update to use the `check plain` function for parameters. As a temporary workaround, consider restricting access to unspecified parameters until a patch is available.