MidnightBSD

Advisories for systemseed

CVE-2010-2125 LOW

Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users, with "create rotor item" or "edit any rotor item" privileges, to inject arbitrary web script or HTML via the (1) srs, (2) title, or (3) alt image attribute.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
systemseed rotor 5.x-1.1
systemseed rotor 5.x-1.5
systemseed rotor 6.x-2.1
systemseed rotor 5.x-1.3
systemseed rotor 6.x-2.3
systemseed rotor 6.x-2.0
systemseed rotor 5.x-1.x
systemseed rotor 5.x-1.7
systemseed rotor 6.x-1.x
systemseed rotor 6.x-1.1
systemseed rotor 6.x-2.x
systemseed rotor 6.x-1.2
systemseed rotor 6.x-1.0
systemseed rotor 6.x-2.2
systemseed rotor 5.x-1.0
systemseed rotor 5.x-1.4
systemseed rotor 5.x-1.6
systemseed rotor 6.x-1.3
systemseed rotor 6.x-1.4
systemseed rotor 5.x-1.2
systemseed rotor 6.x-2.4