CVE-2015-4373

Name of the Vulnerable Software and Affected Versions Drupal OG tabs module version prior to 7.x-1.1

Description The issue allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to nodes posted in an Organic Groups group, which is a result of a cross-site scripting (XSS) vulnerability.

Recommendations For versions prior to 7.x-1.1, update the OG tabs module to version 7.x-1.1 or later to resolve the issue.