NuytsTech Security

CVE-2012-3800

by ·

Cross-site scripting (XSS) vulnerability in og.js in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal, when used with the Vertical Tabs module, allows remote authenticated users to inject arbitrary web script or HTML via vectors related the group title.

Date published : 2012-06-26

http://www.securityfocus.com/bid/53838

http://drupal.org/node/1619736

Tags: