Search criteria
3 vulnerabilities found for mailman by mailman
FKIE_CVE-2008-0564
Vulnerability from fkie_nvd - Published: 2008-02-05 02:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface, a different vulnerability than CVE-2006-3636.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mailman:mailman:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66416D43-5E21-4153-A603-9D6A314EF494",
"versionEndIncluding": "2.1.10b",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list\u0027s \"info attribute\" in the web administrator interface, a different vulnerability than CVE-2006-3636."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS)en Mailman en versiones anteriores a 2.1.10b1. Permiten a atacantes remotos inyectar scripts wet y HTMLs arbitrarios por medio de vectores sin especificar relacionados con (1)editar plantillas y (2) la lista \"info atribute\" en la interfaz del administrador web, una vulnerabilidad distinta a CVE-2006-3636."
}
],
"id": "CVE-2008-0564",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-02-05T02:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"source": "cve@mitre.org",
"url": "http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28794"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28916"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28966"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29249"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29388"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31687"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/43549"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=559308\u0026group_id=103"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT4077"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0056"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0307.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/488236/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27630"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-586-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0422"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2011/0542"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=431526"
},
{
"source": "cve@mitre.org",
"url": "https://issues.rpath.com/browse/RPL-2207"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28794"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=559308\u0026group_id=103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT4077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0307.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/488236/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-586-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0422"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=431526"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-2207"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=431526\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/\n",
"lastModified": "2008-03-07T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2008-0564 (GCVE-0-2008-0564)
Vulnerability from cvelistv5 – Published: 2008-02-05 01:00 – Updated: 2024-08-07 07:46
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface, a different vulnerability than CVE-2006-3636.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:54.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2008:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "MDVSA-2008:061",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061"
},
{
"name": "RHSA-2011:0307",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0307.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-2207"
},
{
"name": "ADV-2008-0422",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0422"
},
{
"name": "31687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31687"
},
{
"name": "APPLE-SA-2010-03-29-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0056"
},
{
"name": "FEDORA-2008-1334",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html"
},
{
"name": "28966",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28966"
},
{
"name": "USN-586-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-586-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4077"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=559308\u0026group_id=103"
},
{
"name": "28916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28916"
},
{
"name": "[Mailman-Announce] 20080203 Mailman 2.1.10b3 Released (was: Re: Mailman 2.1.10b1 Released)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html"
},
{
"name": "20080215 rPSA-2008-0056-1 mailman",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488236/100/0/threaded"
},
{
"name": "29388",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29388"
},
{
"name": "27630",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27630"
},
{
"name": "ADV-2011-0542",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0542"
},
{
"name": "28794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28794"
},
{
"name": "29249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29249"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=431526"
},
{
"name": "43549",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43549"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list\u0027s \"info attribute\" in the web administrator interface, a different vulnerability than CVE-2006-3636."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SR:2008:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "MDVSA-2008:061",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061"
},
{
"name": "RHSA-2011:0307",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0307.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-2207"
},
{
"name": "ADV-2008-0422",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0422"
},
{
"name": "31687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31687"
},
{
"name": "APPLE-SA-2010-03-29-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0056"
},
{
"name": "FEDORA-2008-1334",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html"
},
{
"name": "28966",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28966"
},
{
"name": "USN-586-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-586-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4077"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=559308\u0026group_id=103"
},
{
"name": "28916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28916"
},
{
"name": "[Mailman-Announce] 20080203 Mailman 2.1.10b3 Released (was: Re: Mailman 2.1.10b1 Released)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html"
},
{
"name": "20080215 rPSA-2008-0056-1 mailman",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488236/100/0/threaded"
},
{
"name": "29388",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29388"
},
{
"name": "27630",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27630"
},
{
"name": "ADV-2011-0542",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0542"
},
{
"name": "28794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28794"
},
{
"name": "29249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29249"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=431526"
},
{
"name": "43549",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43549"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list\u0027s \"info attribute\" in the web administrator interface, a different vulnerability than CVE-2006-3636."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2008:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "MDVSA-2008:061",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061"
},
{
"name": "RHSA-2011:0307",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0307.html"
},
{
"name": "https://issues.rpath.com/browse/RPL-2207",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2207"
},
{
"name": "ADV-2008-0422",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0422"
},
{
"name": "31687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31687"
},
{
"name": "APPLE-SA-2010-03-29-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0056",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0056"
},
{
"name": "FEDORA-2008-1334",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html"
},
{
"name": "28966",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28966"
},
{
"name": "USN-586-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-586-1"
},
{
"name": "http://support.apple.com/kb/HT4077",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=559308\u0026group_id=103",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=559308\u0026group_id=103"
},
{
"name": "28916",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28916"
},
{
"name": "[Mailman-Announce] 20080203 Mailman 2.1.10b3 Released (was: Re: Mailman 2.1.10b1 Released)",
"refsource": "MLIST",
"url": "http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html"
},
{
"name": "20080215 rPSA-2008-0056-1 mailman",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488236/100/0/threaded"
},
{
"name": "29388",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29388"
},
{
"name": "27630",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27630"
},
{
"name": "ADV-2011-0542",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0542"
},
{
"name": "28794",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28794"
},
{
"name": "29249",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29249"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=431526",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=431526"
},
{
"name": "43549",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43549"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0564",
"datePublished": "2008-02-05T01:00:00",
"dateReserved": "2008-02-04T00:00:00",
"dateUpdated": "2024-08-07T07:46:54.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0564 (GCVE-0-2008-0564)
Vulnerability from nvd – Published: 2008-02-05 01:00 – Updated: 2024-08-07 07:46
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface, a different vulnerability than CVE-2006-3636.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:54.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2008:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "MDVSA-2008:061",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061"
},
{
"name": "RHSA-2011:0307",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0307.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-2207"
},
{
"name": "ADV-2008-0422",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0422"
},
{
"name": "31687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31687"
},
{
"name": "APPLE-SA-2010-03-29-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0056"
},
{
"name": "FEDORA-2008-1334",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html"
},
{
"name": "28966",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28966"
},
{
"name": "USN-586-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-586-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4077"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=559308\u0026group_id=103"
},
{
"name": "28916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28916"
},
{
"name": "[Mailman-Announce] 20080203 Mailman 2.1.10b3 Released (was: Re: Mailman 2.1.10b1 Released)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html"
},
{
"name": "20080215 rPSA-2008-0056-1 mailman",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488236/100/0/threaded"
},
{
"name": "29388",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29388"
},
{
"name": "27630",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27630"
},
{
"name": "ADV-2011-0542",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0542"
},
{
"name": "28794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28794"
},
{
"name": "29249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29249"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=431526"
},
{
"name": "43549",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43549"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list\u0027s \"info attribute\" in the web administrator interface, a different vulnerability than CVE-2006-3636."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SR:2008:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "MDVSA-2008:061",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061"
},
{
"name": "RHSA-2011:0307",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0307.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-2207"
},
{
"name": "ADV-2008-0422",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0422"
},
{
"name": "31687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31687"
},
{
"name": "APPLE-SA-2010-03-29-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0056"
},
{
"name": "FEDORA-2008-1334",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html"
},
{
"name": "28966",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28966"
},
{
"name": "USN-586-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-586-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4077"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=559308\u0026group_id=103"
},
{
"name": "28916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28916"
},
{
"name": "[Mailman-Announce] 20080203 Mailman 2.1.10b3 Released (was: Re: Mailman 2.1.10b1 Released)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html"
},
{
"name": "20080215 rPSA-2008-0056-1 mailman",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488236/100/0/threaded"
},
{
"name": "29388",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29388"
},
{
"name": "27630",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27630"
},
{
"name": "ADV-2011-0542",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0542"
},
{
"name": "28794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28794"
},
{
"name": "29249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29249"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=431526"
},
{
"name": "43549",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43549"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list\u0027s \"info attribute\" in the web administrator interface, a different vulnerability than CVE-2006-3636."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2008:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "MDVSA-2008:061",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061"
},
{
"name": "RHSA-2011:0307",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0307.html"
},
{
"name": "https://issues.rpath.com/browse/RPL-2207",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2207"
},
{
"name": "ADV-2008-0422",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0422"
},
{
"name": "31687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31687"
},
{
"name": "APPLE-SA-2010-03-29-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0056",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0056"
},
{
"name": "FEDORA-2008-1334",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html"
},
{
"name": "28966",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28966"
},
{
"name": "USN-586-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-586-1"
},
{
"name": "http://support.apple.com/kb/HT4077",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=559308\u0026group_id=103",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=559308\u0026group_id=103"
},
{
"name": "28916",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28916"
},
{
"name": "[Mailman-Announce] 20080203 Mailman 2.1.10b3 Released (was: Re: Mailman 2.1.10b1 Released)",
"refsource": "MLIST",
"url": "http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html"
},
{
"name": "20080215 rPSA-2008-0056-1 mailman",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488236/100/0/threaded"
},
{
"name": "29388",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29388"
},
{
"name": "27630",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27630"
},
{
"name": "ADV-2011-0542",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0542"
},
{
"name": "28794",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28794"
},
{
"name": "29249",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29249"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=431526",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=431526"
},
{
"name": "43549",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43549"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0564",
"datePublished": "2008-02-05T01:00:00",
"dateReserved": "2008-02-04T00:00:00",
"dateUpdated": "2024-08-07T07:46:54.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}