Drupal Organic Groups Cross Site Scripting And Information Disclosure Vulnerabilities
BID:30070
Info
Drupal Organic Groups Cross Site Scripting And Information Disclosure Vulnerabilities
| Bugtraq ID: | 30070 |
| Class: | Unknown |
| CVE: |
CVE-2008-3094 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 02 2008 12:00AM |
| Updated: | May 07 2015 05:27PM |
| Credit: | fago, John Forsythe |
| Vulnerable: |
Drupal Organic Groups 6.x-1.0-beta1 |
| Not Vulnerable: |
Drupal Organic Groups 6.x-1.0-RC1 Drupal Organic Groups 5.x-7.3 |
Discussion
Drupal Organic Groups Cross Site Scripting And Information Disclosure Vulnerabilities
The Organic Groups module for Drupal is prone to a cross-site scripting vulnerability and an information-disclosure vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
These issues affect the following versions:
Organic Groups 5.x (prior to 5.x-7.3)
Organic Groups 6.x (prior to 6.x-1.0-RC1)
The Organic Groups module for Drupal is prone to a cross-site scripting vulnerability and an information-disclosure vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
These issues affect the following versions:
Organic Groups 5.x (prior to 5.x-7.3)
Organic Groups 6.x (prior to 6.x-1.0-RC1)
Exploit / POC
Drupal Organic Groups Cross Site Scripting And Information Disclosure Vulnerabilities
Attackers can exploit these issues through a browser.
Attackers can exploit these issues through a browser.
Solution / Fix
Drupal Organic Groups Cross Site Scripting And Information Disclosure Vulnerabilities
Solution:
The vendor has released updates. Please see the references for more information.
Solution:
The vendor has released updates. Please see the references for more information.
References
Drupal Organic Groups Cross Site Scripting And Information Disclosure Vulnerabilities
References:
References: