CVE-2010-2125 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users with \create rotor item\ or \edit any rotor item\ privileges to inject arbitrary web script or HTML via the (1) srs (2) title or (3) alt image attribute.

Reference

http://drupal.org/node/803930 http://secunia.com/advisories/39883 http://www.osvdb.org/64770 https://exchange.xforce.ibmcloud.com/vulnerabilities/58719