CVE-2010-2125

Published Jun 1, 2010

Last updated a month ago

CVSS info 2.1

Overview

Description: Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users, with "create rotor item" or "edit any rotor item" privileges, to inject arbitrary web script or HTML via the (1) srs, (2) title, or (3) alt image attribute.
Source: cve@mitre.org
NVD status: Deferred

Risk scores

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:N/AC:H/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:systemseed:rotor:5.x-1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EADF2B78-6A02-4EA3-B5E7-AA182546F009"
          },
          {
            "criteria": "cpe:2.3:a:systemseed:rotor:5.x-1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C874949B-43C7-46F0-B7A9-1D3EDC56F012"
          },
          {
            "criteria": "cpe:2.3:a:systemseed:rotor:5.x-1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7678F7F5-D74C-4804-BBDE-56ACA77E10B7"
          },
          {
            "criteria": "cpe:2.3:a:systemseed:rotor:5.x-1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "214AD43A-02C0-424A-BFF2-096ADE9E32F9"
          },
          {
            "criteria": "cpe:2.3:a:systemseed:rotor:5.x-1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "602AB23E-D16B-45BB-8920-8EA9E7D4DEFB"
          },
          {
            "criteria": "cpe:2.3:a:systemseed:rotor:5.x-1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1858FB2C-223A-4C56-972A-D3559FEC75C6"
          },
          {
            "criteria": "cpe:2.3:a:systemseed:rotor:5.x-1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30D81598-F88B-4043-B078-8AC4F4CCBB26"
          },
          {
            "criteria": "cpe:2.3:a:systemseed:rotor:5.x-1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F2F481F-120D-4780-A083-E766F494F00F"
          },
          {
            "criteria": "cpe:2.3:a:systemseed:rotor:5.x-1.x:dev:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C33D089-161D-446E-A18D-1AC68BE4C387"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:systemseed:rotor:6.x-1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5F4E431-154C-4358-B65B-E1459EFE3EB1"
          },
          {
            "criteria": "cpe:2.3:a:systemseed:rotor:6.x-1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E3BC0FE-E761-4A44-8A20-C30F37193B27"
          },
          {
            "criteria": "cpe:2.3:a:systemseed:rotor:6.x-1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56B183B5-C8BA-4F87-ADC1-AFDD1BC0176C"
          },
          {
            "criteria": "cpe:2.3:a:systemseed:rotor:6.x-1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4FD8F83-4198-42CB-B6C0-F8118D1D547E"
          },
          {
            "criteria": "cpe:2.3:a:systemseed:rotor:6.x-1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7882AF9A-8A74-4251-8954-B7D2B12C404F"
          },
          {
            "criteria": "cpe:2.3:a:systemseed:rotor:6.x-1.x:dev:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9ABB6B6-24F1-49CC-9469-5D104AF9C971"
          },
          {
            "criteria": "cpe:2.3:a:systemseed:rotor:6.x-2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E832669-AB36-4E3F-8F95-CE8C4CB5A469"
          },
          {
            "criteria": "cpe:2.3:a:systemseed:rotor:6.x-2.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7495CC3F-0526-4F71-97C5-44394C74790C"
          },
          {
            "criteria": "cpe:2.3:a:systemseed:rotor:6.x-2.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2ECF4F74-8620-498C-ACCD-03BA4833EC02"
          },
          {
            "criteria": "cpe:2.3:a:systemseed:rotor:6.x-2.0:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6CA03D95-7129-4A95-85E7-6D6C2AB5E176"
          },
          {
            "criteria": "cpe:2.3:a:systemseed:rotor:6.x-2.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "128E92D7-9F48-4E8E-BE15-8C4AD4DDEEA6"
          },
          {
            "criteria": "cpe:2.3:a:systemseed:rotor:6.x-2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "424F3C64-EBDD-4EAE-9D66-E3A09398FA76"
          },
          {
            "criteria": "cpe:2.3:a:systemseed:rotor:6.x-2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "786350B3-1DAB-4948-B826-FBC22D6BD446"
          },
          {
            "criteria": "cpe:2.3:a:systemseed:rotor:6.x-2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D97CE4CD-DE56-4B42-B7F6-388BBB469120"
          },
          {
            "criteria": "cpe:2.3:a:systemseed:rotor:6.x-2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18AE661A-CF5E-41EC-9994-CCD4FE04A184"
          },
          {
            "criteria": "cpe:2.3:a:systemseed:rotor:6.x-2.x:dev:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FA0611C-A660-4736-9F99-716F044DD909"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "799CA80B-F3FA-4183-A791-2071A7DA1E54"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References