CVE-2008-0564 (GCVE-0-2008-0564)
Vulnerability from cvelistv5 – Published: 2008-02-05 01:00 – Updated: 2024-08-07 07:46
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface, a different vulnerability than CVE-2006-3636.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:54.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2008:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "MDVSA-2008:061",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061"
},
{
"name": "RHSA-2011:0307",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0307.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-2207"
},
{
"name": "ADV-2008-0422",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0422"
},
{
"name": "31687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31687"
},
{
"name": "APPLE-SA-2010-03-29-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0056"
},
{
"name": "FEDORA-2008-1334",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html"
},
{
"name": "28966",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28966"
},
{
"name": "USN-586-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-586-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4077"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=559308\u0026group_id=103"
},
{
"name": "28916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28916"
},
{
"name": "[Mailman-Announce] 20080203 Mailman 2.1.10b3 Released (was: Re: Mailman 2.1.10b1 Released)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html"
},
{
"name": "20080215 rPSA-2008-0056-1 mailman",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/488236/100/0/threaded"
},
{
"name": "29388",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29388"
},
{
"name": "27630",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27630"
},
{
"name": "ADV-2011-0542",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0542"
},
{
"name": "28794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28794"
},
{
"name": "29249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29249"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=431526"
},
{
"name": "43549",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43549"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list\u0027s \"info attribute\" in the web administrator interface, a different vulnerability than CVE-2006-3636."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SR:2008:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "MDVSA-2008:061",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061"
},
{
"name": "RHSA-2011:0307",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0307.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-2207"
},
{
"name": "ADV-2008-0422",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0422"
},
{
"name": "31687",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31687"
},
{
"name": "APPLE-SA-2010-03-29-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0056"
},
{
"name": "FEDORA-2008-1334",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html"
},
{
"name": "28966",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28966"
},
{
"name": "USN-586-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-586-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4077"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=559308\u0026group_id=103"
},
{
"name": "28916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28916"
},
{
"name": "[Mailman-Announce] 20080203 Mailman 2.1.10b3 Released (was: Re: Mailman 2.1.10b1 Released)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html"
},
{
"name": "20080215 rPSA-2008-0056-1 mailman",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/488236/100/0/threaded"
},
{
"name": "29388",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29388"
},
{
"name": "27630",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27630"
},
{
"name": "ADV-2011-0542",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0542"
},
{
"name": "28794",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28794"
},
{
"name": "29249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29249"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=431526"
},
{
"name": "43549",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43549"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list\u0027s \"info attribute\" in the web administrator interface, a different vulnerability than CVE-2006-3636."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2008:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
},
{
"name": "MDVSA-2008:061",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061"
},
{
"name": "RHSA-2011:0307",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0307.html"
},
{
"name": "https://issues.rpath.com/browse/RPL-2207",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2207"
},
{
"name": "ADV-2008-0422",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0422"
},
{
"name": "31687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31687"
},
{
"name": "APPLE-SA-2010-03-29-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0056",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0056"
},
{
"name": "FEDORA-2008-1334",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html"
},
{
"name": "28966",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28966"
},
{
"name": "USN-586-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-586-1"
},
{
"name": "http://support.apple.com/kb/HT4077",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=559308\u0026group_id=103",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=559308\u0026group_id=103"
},
{
"name": "28916",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28916"
},
{
"name": "[Mailman-Announce] 20080203 Mailman 2.1.10b3 Released (was: Re: Mailman 2.1.10b1 Released)",
"refsource": "MLIST",
"url": "http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html"
},
{
"name": "20080215 rPSA-2008-0056-1 mailman",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488236/100/0/threaded"
},
{
"name": "29388",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29388"
},
{
"name": "27630",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27630"
},
{
"name": "ADV-2011-0542",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0542"
},
{
"name": "28794",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28794"
},
{
"name": "29249",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29249"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=431526",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=431526"
},
{
"name": "43549",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43549"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0564",
"datePublished": "2008-02-05T01:00:00",
"dateReserved": "2008-02-04T00:00:00",
"dateUpdated": "2024-08-07T07:46:54.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mailman:mailman:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.1.10b\", \"matchCriteriaId\": \"66416D43-5E21-4153-A603-9D6A314EF494\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list\u0027s \\\"info attribute\\\" in the web administrator interface, a different vulnerability than CVE-2006-3636.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS)en Mailman en versiones anteriores a 2.1.10b1. Permiten a atacantes remotos inyectar scripts wet y HTMLs arbitrarios por medio de vectores sin especificar relacionados con (1)editar plantillas y (2) la lista \\\"info atribute\\\" en la interfaz del administrador web, una vulnerabilidad distinta a CVE-2006-3636.\"}]",
"id": "CVE-2008-0564",
"lastModified": "2024-11-21T00:42:23.763",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2008-02-05T02:00:00.000",
"references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/28794\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/28916\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/28966\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/29249\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/29388\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/31687\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/43549\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://sourceforge.net/project/shownotes.php?release_id=559308\u0026group_id=103\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://support.apple.com/kb/HT4077\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://wiki.rpath.com/Advisories:rPSA-2008-0056\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2011-0307.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/488236/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/27630\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-586-1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0422\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0542\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=431526\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://issues.rpath.com/browse/RPL-2207\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/28794\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/28916\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/28966\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/29249\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/29388\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/31687\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/43549\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sourceforge.net/project/shownotes.php?release_id=559308\u0026group_id=103\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.apple.com/kb/HT4077\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://wiki.rpath.com/Advisories:rPSA-2008-0056\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2011-0307.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/488236/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/27630\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-586-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0422\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2011/0542\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=431526\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://issues.rpath.com/browse/RPL-2207\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vendorComments": "[{\"organization\": \"Red Hat\", \"comment\": \"Red Hat is aware of this issue and is tracking it via the following bug:\\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=431526\\n\\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/\\n\", \"lastModified\": \"2008-03-07T00:00:00\"}]",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2008-0564\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-02-05T02:00:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list\u0027s \\\"info attribute\\\" in the web administrator interface, a different vulnerability than CVE-2006-3636.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS)en Mailman en versiones anteriores a 2.1.10b1. Permiten a atacantes remotos inyectar scripts wet y HTMLs arbitrarios por medio de vectores sin especificar relacionados con (1)editar plantillas y (2) la lista \\\"info atribute\\\" en la interfaz del administrador web, una vulnerabilidad distinta a CVE-2006-3636.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mailman:mailman:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.1.10b\",\"matchCriteriaId\":\"66416D43-5E21-4153-A603-9D6A314EF494\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/28794\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/28916\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/28966\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/29249\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/29388\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/31687\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/43549\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sourceforge.net/project/shownotes.php?release_id=559308\u0026group_id=103\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.apple.com/kb/HT4077\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://wiki.rpath.com/Advisories:rPSA-2008-0056\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-0307.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/488236/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/27630\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/usn-586-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0422\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0542\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=431526\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://issues.rpath.com/browse/RPL-2207\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28794\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28916\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/28966\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/29249\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/29388\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31687\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/43549\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sourceforge.net/project/shownotes.php?release_id=559308\u0026group_id=103\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT4077\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://wiki.rpath.com/Advisories:rPSA-2008-0056\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-0307.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/488236/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/27630\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/usn-586-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0422\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0542\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=431526\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://issues.rpath.com/browse/RPL-2207\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Red Hat is aware of this issue and is tracking it via the following bug:\\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=431526\\n\\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/\\n\",\"lastModified\":\"2008-03-07T00:00:00\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…