CVE-2012-3800

Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related the group title.

Published: Jun 27, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-3800
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.1
AV:N/AC:H/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
moshe_weitzman / organic_groups	6.x-2.0-rc2	6.x-2.0-rc2.x
moshe_weitzman / organic_groups	6.x-2.0-rc1	6.x-2.0-rc1.x
moshe_weitzman / organic_groups	6.x-2.0-rc3	6.x-2.0-rc3.x
moshe_weitzman / organic_groups	6.x-2.0	6.x-2.0.x
moshe_weitzman / organic_groups	6.x-2.1	6.x-2.1.x
moshe_weitzman / organic_groups	6.x-2.2	6.x-2.2.x
moshe_weitzman / organic_groups	6.x-2.3	6.x-2.3.x
moshe_weitzman / organic_groups	6.x-2.x-dev	6.x-2.x-dev.x

http://drupal.org/node/1619736
http://drupal.org/node/1619810
http://drupalcode.org/project/og.git/commitdiff/d48fef5
http://secunia.com/advisories/49397
http://www.openwall.com/lists/oss-security/2012/06/14/3
http://www.osvdb.org/82712
http://www.securityfocus.com/bid/53838
https://exchange.xforce.ibmcloud.com/vulnerabilities/76149

Vulnerability Database

291,049

CVE-2012-3800