Drupal Organic Groups Module Cross Site Scripting and Security Bypass Vulnerabilities
The Organic Groups module for Drupal is prone to a cross-site scripting vulnerability and an security-bypass vulnerability.
An attacker can exploit the cross-site scripting issue to execute arbitrary script code in the context of the vulnerable site, potentially allowing the attacker to steal cookie-based authentication credentials.
Attackers can exploit the security bypass issue to bypass security restrictions and obtain sensitive information, or perform unauthorized actions; this may aid in launching further attacks.
Organic Groups 6.x-2.x versions prior to 6.x-2.4 are vulnerable.