CVE-2010-2125 Information
Share on:
Feb 14, 2021
cve
Description
Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users with \create rotor item\ or \edit any rotor item\ privileges to inject arbitrary web script or HTML via the (1) srs (2) title or (3) alt image attribute.
Reference
http://drupal.org/node/803930 http://secunia.com/advisories/39883 http://www.osvdb.org/64770 https://exchange.xforce.ibmcloud.com/vulnerabilities/58719