VRDA Feed : Provides information for vulnerability impact analysis

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-2125

rotor: Multiple cross-site scripting (XSS) vulnerabilities...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2125

Original

Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users, with "create rotor item" or "edit any rotor item" privileges, to inject arbitrary web script or HTML via the (1) srs, (2) title, or (3) alt image attribute.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-06-01

Source Information Category:

Advisory, Alert

Last Updated:

2010-06-02

Affected Product Tags

cpe:/a:drupal:drupal

cpe:/a:systemseed:rotor:5.x-1.0

cpe:/a:systemseed:rotor:5.x-1.1

cpe:/a:systemseed:rotor:5.x-1.2

cpe:/a:systemseed:rotor:5.x-1.3

cpe:/a:systemseed:rotor:5.x-1.4

cpe:/a:systemseed:rotor:5.x-1.5

cpe:/a:systemseed:rotor:5.x-1.6

cpe:/a:systemseed:rotor:5.x-1.7

cpe:/a:systemseed:rotor:5.x-1.x:dev

cpe:/a:systemseed:rotor:6.x-1.0

cpe:/a:systemseed:rotor:6.x-1.1

cpe:/a:systemseed:rotor:6.x-1.2

cpe:/a:systemseed:rotor:6.x-1.3

cpe:/a:systemseed:rotor:6.x-1.4

cpe:/a:systemseed:rotor:6.x-1.x:dev

cpe:/a:systemseed:rotor:6.x-2.0

cpe:/a:systemseed:rotor:6.x-2.0:beta1

cpe:/a:systemseed:rotor:6.x-2.0:beta2

cpe:/a:systemseed:rotor:6.x-2.0:beta3

cpe:/a:systemseed:rotor:6.x-2.0:rc1

cpe:/a:systemseed:rotor:6.x-2.1

cpe:/a:systemseed:rotor:6.x-2.2

cpe:/a:systemseed:rotor:6.x-2.3

cpe:/a:systemseed:rotor:6.x-2.4

cpe:/a:systemseed:rotor:6.x-2.x:dev

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

CONFIRM http://drupal.org/node/803930

OSVDB 64770

SECUNIA 39883

Vulnerability Type Cross-Site Scripting (XSS) (CWE-79)

XF rotorbanner-image-xss(58719)