Cross site scripting

2010-06-0121:30:00

PRIOn knowledge base

www.prio-n.com

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users, with “create rotor item” or “edit any rotor item” privileges, to inject arbitrary web script or HTML via the (1) srs, (2) title, or (3) alt image attribute.

CPENameOperatorVersion
rotoreq5.120.10
rotoreq5.120.11
rotoreq5.120.12
rotoreq5.120.13
rotoreq5.120.14
rotoreq5.120.15
rotoreq5.120.16
rotoreq5.120.17
rotoreq5.x-1.x dev
rotoreq6.120.10

Name	Operator	Version
rotor	eq	5.120.10
rotor	eq	5.120.11
rotor	eq	5.120.12
rotor	eq	5.120.13
rotor	eq	5.120.14
rotor	eq	5.120.15
rotor	eq	5.120.16
rotor	eq	5.120.17
rotor	eq	5.x-1.x dev
rotor	eq	6.120.10

Rows per page:

1-10 of 251

References

secunia.com/advisories/39883

www.osvdb.org/64770

drupal.org/node/803930

exchange.xforce.ibmcloud.com/vulnerabilities/58719