CVE-2010-2125

Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users, with "create rotor item" or "edit any rotor item" privileges, to inject arbitrary web script or HTML via the (1) srs, (2) title, or (3) alt image attribute.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:S/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://drupal.org/node/803930	Patch Vendor Advisory
http://secunia.com/advisories/39883	Vendor Advisory
http://www.osvdb.org/64770
https://exchange.xforce.ibmcloud.com/vulnerabilities/58719
http://drupal.org/node/803930	Patch Vendor Advisory
http://secunia.com/advisories/39883	Vendor Advisory
http://www.osvdb.org/64770
https://exchange.xforce.ibmcloud.com/vulnerabilities/58719

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:systemseed:rotor:5.x-1.0:::::::*
	cpe:2.3:a:systemseed:rotor:5.x-1.1:::::::*
	cpe:2.3:a:systemseed:rotor:5.x-1.2:::::::*
	cpe:2.3:a:systemseed:rotor:5.x-1.3:::::::*
	cpe:2.3:a:systemseed:rotor:5.x-1.4:::::::*
	cpe:2.3:a:systemseed:rotor:5.x-1.5:::::::*
	cpe:2.3:a:systemseed:rotor:5.x-1.6:::::::*
	cpe:2.3:a:systemseed:rotor:5.x-1.7:::::::*
	cpe:2.3:a:systemseed:rotor:5.x-1.x:dev::::::

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:a:systemseed:rotor:6.x-1.0:::::::*
	cpe:2.3:a:systemseed:rotor:6.x-1.1:::::::*
	cpe:2.3:a:systemseed:rotor:6.x-1.2:::::::*
	cpe:2.3:a:systemseed:rotor:6.x-1.3:::::::*
	cpe:2.3:a:systemseed:rotor:6.x-1.4:::::::*
	cpe:2.3:a:systemseed:rotor:6.x-1.x:dev::::::
	cpe:2.3:a:systemseed:rotor:6.x-2.0:::::::*
	cpe:2.3:a:systemseed:rotor:6.x-2.0:beta1::::::
	cpe:2.3:a:systemseed:rotor:6.x-2.0:beta2::::::
	cpe:2.3:a:systemseed:rotor:6.x-2.0:beta3::::::
	cpe:2.3:a:systemseed:rotor:6.x-2.0:rc1::::::
	cpe:2.3:a:systemseed:rotor:6.x-2.1:::::::*
	cpe:2.3:a:systemseed:rotor:6.x-2.2:::::::*
	cpe:2.3:a:systemseed:rotor:6.x-2.3:::::::*
	cpe:2.3:a:systemseed:rotor:6.x-2.4:::::::*
	cpe:2.3:a:systemseed:rotor:6.x-2.x:dev::::::

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:15

Type	Values Removed	Values Added
References	~~() http://drupal.org/node/803930 - Patch, Vendor Advisory~~	() http://drupal.org/node/803930 - Patch, Vendor Advisory
References	~~() http://secunia.com/advisories/39883 - Vendor Advisory~~	() http://secunia.com/advisories/39883 - Vendor Advisory
References	~~() http://www.osvdb.org/64770 -~~	() http://www.osvdb.org/64770 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/58719 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/58719 -

Information

Published : 2010-06-01 21:30

Updated : 2025-04-11 00:51

NVD link : CVE-2010-2125

Mitre link : CVE-2010-2125

CVE.ORG link : CVE-2010-2125

JSON object : View

Products Affected

systemseed

rotor

drupal

drupal

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2010-2125", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-06-01T21:30:01.180", "references": [{"url": "http://drupal.org/node/803930", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/39883", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/64770", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58719", "source": "cve@mitre.org"}, {"url": "http://drupal.org/node/803930", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/39883", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/64770", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58719", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users, with \"create rotor item\" or \"edit any rotor item\" privileges, to inject arbitrary web script or HTML via the (1) srs, (2) title, or (3) alt image attribute."}, {"lang": "es", "value": "Multiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el m\u00f3dulo Rotor Banner v5.x anterior a v5.x-1.8 y v6.x anterior a v6.x-2.5 para Drupal permite a usuarios autenticados remotamente, con privilegios \"create rotor item\" o \"edit any rotor item\", inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9s de los siguientes atributos de imagen (1) src, (2) title, or (3) alt"}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:systemseed:rotor:5.x-1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EADF2B78-6A02-4EA3-B5E7-AA182546F009"}, {"criteria": "cpe:2.3:a:systemseed:rotor:5.x-1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C874949B-43C7-46F0-B7A9-1D3EDC56F012"}, {"criteria": "cpe:2.3:a:systemseed:rotor:5.x-1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7678F7F5-D74C-4804-BBDE-56ACA77E10B7"}, {"criteria": "cpe:2.3:a:systemseed:rotor:5.x-1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "214AD43A-02C0-424A-BFF2-096ADE9E32F9"}, {"criteria": "cpe:2.3:a:systemseed:rotor:5.x-1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "602AB23E-D16B-45BB-8920-8EA9E7D4DEFB"}, {"criteria": "cpe:2.3:a:systemseed:rotor:5.x-1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1858FB2C-223A-4C56-972A-D3559FEC75C6"}, {"criteria": "cpe:2.3:a:systemseed:rotor:5.x-1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30D81598-F88B-4043-B078-8AC4F4CCBB26"}, {"criteria": "cpe:2.3:a:systemseed:rotor:5.x-1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F2F481F-120D-4780-A083-E766F494F00F"}, {"criteria": "cpe:2.3:a:systemseed:rotor:5.x-1.x:dev:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C33D089-161D-446E-A18D-1AC68BE4C387"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:systemseed:rotor:6.x-1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5F4E431-154C-4358-B65B-E1459EFE3EB1"}, {"criteria": "cpe:2.3:a:systemseed:rotor:6.x-1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E3BC0FE-E761-4A44-8A20-C30F37193B27"}, {"criteria": "cpe:2.3:a:systemseed:rotor:6.x-1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56B183B5-C8BA-4F87-ADC1-AFDD1BC0176C"}, {"criteria": "cpe:2.3:a:systemseed:rotor:6.x-1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4FD8F83-4198-42CB-B6C0-F8118D1D547E"}, {"criteria": "cpe:2.3:a:systemseed:rotor:6.x-1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7882AF9A-8A74-4251-8954-B7D2B12C404F"}, {"criteria": "cpe:2.3:a:systemseed:rotor:6.x-1.x:dev:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9ABB6B6-24F1-49CC-9469-5D104AF9C971"}, {"criteria": "cpe:2.3:a:systemseed:rotor:6.x-2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E832669-AB36-4E3F-8F95-CE8C4CB5A469"}, {"criteria": "cpe:2.3:a:systemseed:rotor:6.x-2.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7495CC3F-0526-4F71-97C5-44394C74790C"}, {"criteria": "cpe:2.3:a:systemseed:rotor:6.x-2.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2ECF4F74-8620-498C-ACCD-03BA4833EC02"}, {"criteria": "cpe:2.3:a:systemseed:rotor:6.x-2.0:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CA03D95-7129-4A95-85E7-6D6C2AB5E176"}, {"criteria": "cpe:2.3:a:systemseed:rotor:6.x-2.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "128E92D7-9F48-4E8E-BE15-8C4AD4DDEEA6"}, {"criteria": "cpe:2.3:a:systemseed:rotor:6.x-2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "424F3C64-EBDD-4EAE-9D66-E3A09398FA76"}, {"criteria": "cpe:2.3:a:systemseed:rotor:6.x-2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "786350B3-1DAB-4948-B826-FBC22D6BD446"}, {"criteria": "cpe:2.3:a:systemseed:rotor:6.x-2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D97CE4CD-DE56-4B42-B7F6-388BBB469120"}, {"criteria": "cpe:2.3:a:systemseed:rotor:6.x-2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18AE661A-CF5E-41EC-9994-CCD4FE04A184"}, {"criteria": "cpe:2.3:a:systemseed:rotor:6.x-2.x:dev:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FA0611C-A660-4736-9F99-716F044DD909"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}

2.1 /10