Drupal Organic Groups Module Cross Site Scripting and Security Bypass Vulnerabilities UPDATED
The original article can be found at: http://www.securityfocus.com/bid/53838
The information has been provided by Ezra Barnett Gildesgame and Fox.
* Drupal Organic Groups 6.X-2.3 and prior
An attacker can exploit the cross-site scripting issue to execute arbitrary script code in the context of the vulnerable site, potentially allowing the attacker to steal cookie-based authentication credentials.
Attackers can exploit the security bypass issue to bypass security restrictions and obtain sensitive information, or perform unauthorized actions; this may aid in launching further attacks.
Vendor as issued an updated vulnerability.
Published:Jun 06 2012
Updated:Aug 07 2012