CVE-2010-2125

EUVD-2010-2141
Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users, with "create rotor item" or "edit any rotor item" privileges, to inject arbitrary web script or HTML via the (1) srs, (2) title, or (3) alt image attribute.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.1 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:S/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
Affected Products (NVD)
VendorProductVersion
systemseedrotor
5.x-1.0:x
systemseedrotor
5.x-1.1:x
systemseedrotor
5.x-1.2:x
systemseedrotor
5.x-1.3:x
systemseedrotor
5.x-1.4:x
systemseedrotor
5.x-1.5:x
systemseedrotor
5.x-1.6:x
systemseedrotor
5.x-1.7:x
systemseedrotor
5.x-1.x:x
systemseedrotor
6.x-1.0:x
systemseedrotor
6.x-1.1:x
systemseedrotor
6.x-1.2:x
systemseedrotor
6.x-1.3:x
systemseedrotor
6.x-1.4:x
systemseedrotor
6.x-1.x:x
systemseedrotor
6.x-2.0:x
systemseedrotor
6.x-2.0:x
systemseedrotor
6.x-2.0:x
systemseedrotor
6.x-2.0:x
systemseedrotor
6.x-2.0:x
systemseedrotor
6.x-2.1:x
systemseedrotor
6.x-2.2:x
systemseedrotor
6.x-2.3:x
systemseedrotor
6.x-2.4:x
systemseedrotor
6.x-2.x:x
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://drupal.org/node/803930
http://secunia.com/advisories/39883
http://www.osvdb.org/64770
https://exchange.xforce.ibmcloud.com/vulnerabilities/58719
http://drupal.org/node/803930
http://secunia.com/advisories/39883
http://www.osvdb.org/64770
https://exchange.xforce.ibmcloud.com/vulnerabilities/58719