SA-CONTRIB-2009-105 - Subgroups For Organic Groups - Cross Site Scripting
Final version for the Drupal 5 branch.
Equivalent to the latest dev version in that branch. No new features or bugs discovered.
This is the first stable version of G2 for Drupal 6.x.
It includes several security fixes over the pre-release -dev version, as well as a new XML-RPC client demo.
However, the -dev branch is quite stable and should be preferred in most cases.
The theme fails to sanitize a value in the url, leading to a Cross Site Scripting (XSS) vulnerability.
See SA-CONTRIB-2012-081 - Zen - Cross Site Scripting.
Release for SA-CONTRIB-2009-094 - NGP COO/CWP Integration (crmngp) - Multiple Vulnerabilities Access control fix, text filtering