PT-2010-3735 · Drupal · Rotor Banner

Published

2010-06-01

Updated

2017-08-17

CVE-2010-2125

CVSS v2.0

2.1

Low

Vector

AV:N/AC:H/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Rotor Banner module versions 5.x before 5.x-1.8 Rotor Banner module versions 6.x before 6.x-2.5

Description The issue allows remote authenticated users with specific privileges to inject arbitrary web script or HTML. This can be achieved via the srs, title, or alt image attribute. The estimated number of potentially affected devices and details about real-world incidents are not provided.

Recommendations For Rotor Banner module version 5.x, update to version 5.x-1.8 or later. For Rotor Banner module version 6.x, update to version 6.x-2.5 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2010-2125

Affected Products

Rotor Banner

PT-2010-3735 · Drupal · Rotor Banner

CVE-2010-2125

Weakness Enumeration

Related Identifiers

Affected Products

References · 5