Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the "access content" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Drupal ‘Organic Groups’ 模块跨站脚本漏洞和安全绕过漏洞
Vulnerability Description
Drupal是Drupal社区所维护的一套用PHP语言开发的免费、开源的内容管理系统。 Drupal的Organic Groups模块中存在一个跨站脚本漏洞和一个安全绕过漏洞。攻击者可利用跨站脚本漏洞在受影响站点上下文中执行任意脚本代码,盗取基于cookie的认证证书;可利用安全绕过漏洞绕过安全限制进而获取敏感信息,或执行未授权操作;也可能导致进一步的攻击。Organic Groups 6.x-2.4之前的6.x-2.x版本中存在这些漏洞。
CVSS Information
N/A
Vulnerability Type
N/A