Lucene search

[email protected]CVE-2010-2125

HistoryJun 01, 2010 - 9:30 p.m.

CVE-2010-2125

2010-06-0121:30:01

CWE-79

[email protected]

web.nvd.nist.gov

cve

2010

2125

xss

vulnerabilities

rotor banner

drupal

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users, with “create rotor item” or “edit any rotor item” privileges, to inject arbitrary web script or HTML via the (1) srs, (2) title, or (3) alt image attribute.

Affected configurations

NVD

Node

systemseedrotorMatch5.x-1.0

systemseedrotorMatch5.x-1.1

systemseedrotorMatch5.x-1.2

systemseedrotorMatch5.x-1.3

systemseedrotorMatch5.x-1.4

systemseedrotorMatch5.x-1.5

systemseedrotorMatch5.x-1.6

systemseedrotorMatch5.x-1.7

systemseedrotorMatch5.x-1.xdev

AND

drupaldrupal

Node

systemseedrotorMatch6.x-1.0

systemseedrotorMatch6.x-1.1

systemseedrotorMatch6.x-1.2

systemseedrotorMatch6.x-1.3

systemseedrotorMatch6.x-1.4

systemseedrotorMatch6.x-1.xdev

systemseedrotorMatch6.x-2.0

systemseedrotorMatch6.x-2.0beta1

systemseedrotorMatch6.x-2.0beta2

systemseedrotorMatch6.x-2.0beta3

systemseedrotorMatch6.x-2.0rc1

systemseedrotorMatch6.x-2.1

systemseedrotorMatch6.x-2.2

systemseedrotorMatch6.x-2.3

systemseedrotorMatch6.x-2.4

systemseedrotorMatch6.x-2.xdev

AND

drupaldrupal

CPENameOperatorVersion
systemseed:rotorsystemseed rotoreq5.x-1.0
systemseed:rotorsystemseed rotoreq5.x-1.1
systemseed:rotorsystemseed rotoreq5.x-1.2
systemseed:rotorsystemseed rotoreq5.x-1.3
systemseed:rotorsystemseed rotoreq5.x-1.4
systemseed:rotorsystemseed rotoreq5.x-1.5
systemseed:rotorsystemseed rotoreq5.x-1.6
systemseed:rotorsystemseed rotoreq5.x-1.7
systemseed:rotorsystemseed rotoreq5.x-1.x

CPE	Name	Operator	Version
systemseed:rotor	systemseed rotor	eq	5.x-1.0
systemseed:rotor	systemseed rotor	eq	5.x-1.1
systemseed:rotor	systemseed rotor	eq	5.x-1.2
systemseed:rotor	systemseed rotor	eq	5.x-1.3
systemseed:rotor	systemseed rotor	eq	5.x-1.4
systemseed:rotor	systemseed rotor	eq	5.x-1.5
systemseed:rotor	systemseed rotor	eq	5.x-1.6
systemseed:rotor	systemseed rotor	eq	5.x-1.7
systemseed:rotor	systemseed rotor	eq	5.x-1.x

References

drupal.org/node/803930

secunia.com/advisories/39883

www.osvdb.org/64770

exchange.xforce.ibmcloud.com/vulnerabilities/58719

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.3%

JSON

Related for CVE-2010-2125

nvd1 cvelist1 prion1