FKIE_CVE-2008-0564

Vulnerability from fkie_nvd - Published: 2008-02-05 02:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface, a different vulnerability than CVE-2006-3636.
References
cve@mitre.orghttp://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
cve@mitre.orghttp://mail.python.org/pipermail/mailman-announce/2008-February/000096.html
cve@mitre.orghttp://secunia.com/advisories/28794
cve@mitre.orghttp://secunia.com/advisories/28916
cve@mitre.orghttp://secunia.com/advisories/28966
cve@mitre.orghttp://secunia.com/advisories/29249
cve@mitre.orghttp://secunia.com/advisories/29388
cve@mitre.orghttp://secunia.com/advisories/31687
cve@mitre.orghttp://secunia.com/advisories/43549
cve@mitre.orghttp://sourceforge.net/project/shownotes.php?release_id=559308&group_id=103
cve@mitre.orghttp://support.apple.com/kb/HT4077
cve@mitre.orghttp://wiki.rpath.com/Advisories:rPSA-2008-0056
cve@mitre.orghttp://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2011-0307.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/488236/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/27630
cve@mitre.orghttp://www.ubuntu.com/usn/usn-586-1
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/0422
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/0542
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=431526
cve@mitre.orghttps://issues.rpath.com/browse/RPL-2207
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
af854a3a-2127-422b-91ae-364da2661108http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28794
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28916
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28966
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29249
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29388
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31687
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43549
af854a3a-2127-422b-91ae-364da2661108http://sourceforge.net/project/shownotes.php?release_id=559308&group_id=103
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT4077
af854a3a-2127-422b-91ae-364da2661108http://wiki.rpath.com/Advisories:rPSA-2008-0056
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2011-0307.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/488236/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/27630
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-586-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/0422
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0542
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=431526
af854a3a-2127-422b-91ae-364da2661108https://issues.rpath.com/browse/RPL-2207
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html
Impacted products
Vendor Product Version
mailman mailman *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mailman:mailman:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66416D43-5E21-4153-A603-9D6A314EF494",
              "versionEndIncluding": "2.1.10b",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list\u0027s \"info attribute\" in the web administrator interface, a different vulnerability than CVE-2006-3636."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS)en Mailman en versiones anteriores a 2.1.10b1. Permiten a atacantes remotos inyectar scripts wet y HTMLs arbitrarios por medio de vectores sin especificar relacionados con (1)editar plantillas y (2) la lista \"info atribute\" en la interfaz del administrador web, una vulnerabilidad distinta a CVE-2006-3636."
    }
  ],
  "id": "CVE-2008-0564",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-02-05T02:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28794"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28916"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28966"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29249"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29388"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/31687"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/43549"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=559308\u0026group_id=103"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT4077"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0056"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0307.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/488236/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/27630"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-586-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0422"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2011/0542"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431526"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.rpath.com/browse/RPL-2207"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28794"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28916"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28966"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29249"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29388"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43549"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=559308\u0026group_id=103"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT4077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0307.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/488236/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/27630"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-586-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0422"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0542"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431526"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-2207"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=431526\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.  More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/\n",
      "lastModified": "2008-03-07T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.