6 matches found
EUVD-2010-2141
Malware in sbrugna...
CVE-2010-2125
Multiple cross-site scripting XSS vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users, with "create rotor item" or "edit any rotor item" privileges, to inject arbitrary web script or HTML via the 1 srs, 2 title, or 3 alt...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users, with "create rotor item" or "edit any rotor item" privileges, to inject arbitrary web script or HTML via the 1 srs, 2 title, or 3 alt...
CVE-2010-2125
CVE-2010-2125 describes multiple XSS vulnerabilities in the Drupal Rotor Banner module. Affected: rotor_banner 5.x series before 5.x-1.8 and 6.x series before 6.x-2.5. Vulnerability arises when an authenticated user with either “create rotor item” or “edit any rotor item” privileges can inject ar...
CVE-2010-2125
Multiple cross-site scripting XSS vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users, with "create rotor item" or "edit any rotor item" privileges, to inject arbitrary web script or HTML via the 1 srs, 2 title, or 3 alt...
SA-CONTRIB-2010-057 - Rotor Banner - Cross Site Scripting (XSS)
The Rotor Banner module allows users to upload images which can then be displayed in a block and rotated through using jQuery. However, when these images are displayed, the values for the various image attributes srs, title, alt are not properly sanitized, leading to a cross site scripting XSS...