CVE-2010-2125

Systemseed Rotor - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users, with "create rotor item" or "edit any rotor item" privileges, to inject arbitrary web script or HTML via the (1) srs, (2) title, or (3) alt image attribute.

References (4)

Scores

EPSS 0.0018
EPSS Percentile 38.7%

Classification

CWE
CWE-79
Status published

Affected Products (26)

systemseed/rotor
systemseed/rotor
systemseed/rotor
systemseed/rotor
systemseed/rotor
systemseed/rotor
systemseed/rotor
systemseed/rotor
systemseed/rotor
systemseed/rotor
systemseed/rotor
systemseed/rotor
systemseed/rotor
systemseed/rotor
systemseed/rotor
... and 11 more

Timeline

Published Jun 01, 2010
Tracked Since Feb 18, 2026