Drupal Organic Groups Module Cross Site Scripting and Security Bypass Vulnerabilities

The Organic Groups module for Drupal is prone to a cross-site scripting vulnerability and an security-bypass vulnerability.

An attacker can exploit the cross-site scripting issue to execute arbitrary script code in the context of the vulnerable site, potentially allowing the attacker to steal cookie-based authentication credentials.

Attackers can exploit the security bypass issue to bypass security restrictions and obtain sensitive information, or perform unauthorized actions; this may aid in launching further attacks.

Organic Groups 6.x-2.x versions prior to 6.x-2.4 are vulnerable.


Privacy Statement
Copyright 2010, SecurityFocus