CVE-2009-3652

Moshe Weitzman Organic Groups - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Organic Groups (OG) 5.x-7.x before 5.x-7.4, 5.x-8.x before 5.x-8.1, and 6.x-1.x before 6.x-1.4, a module for Drupal, allows remote authenticated users, with create or edit group nodes permissions, to inject arbitrary web script or HTML via the User-Agent HTTP header, a different issue than CVE-2008-3095.

References (8)

[Patch, Vendor Advisory] http://drupal.org/node/592358

[Patch, Vendor Advisory] http://drupal.org/node/592410

[Patch, Vendor Advisory] http://drupal.org/node/592412

[Patch, Vendor Advisory] http://drupal.org/node/592414

[Patch, Vendor Advisory] http://secunia.com/advisories/36923

[Patch] http://www.securityfocus.com/bid/36558

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/53570

[Third Party Advisory, VDB Entry] http://osvdb.org/58445

Scores

EPSS 0.0021

EPSS Percentile 43.2%

Classification

CWE

CWE-79

Status published

Affected Products (25)

moshe_weitzman/organic_groups

moshe_weitzman/organic_groups

moshe_weitzman/organic_groups

moshe_weitzman/organic_groups

moshe_weitzman/organic_groups

moshe_weitzman/organic_groups

moshe_weitzman/organic_groups

moshe_weitzman/organic_groups

moshe_weitzman/organic_groups

moshe_weitzman/organic_groups

moshe_weitzman/organic_groups

moshe_weitzman/organic_groups

moshe_weitzman/organic_groups

moshe_weitzman/organic_groups

moshe_weitzman/organic_groups

... and 10 more

Timeline

Published Oct 09, 2009

Tracked Since Feb 18, 2026