CVE Vulnerability

CVE-2008-0564

Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface, a different vulnerability than CVE-2006-3636.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html
http://sourceforge.net/project/shownotes.php?release_id=559308&group_id=103
http://www.securityfocus.com/bid/27630
http://secunia.com/advisories/28794
https://bugzilla.redhat.com/show_bug.cgi?id=431526
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html
http://secunia.com/advisories/28916
http://wiki.rpath.com/Advisories:rPSA-2008-0056
https://issues.rpath.com/browse/RPL-2207
http://secunia.com/advisories/28966
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061
http://secunia.com/advisories/29249
http://www.ubuntu.com/usn/usn-586-1
http://secunia.com/advisories/29388
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
http://secunia.com/advisories/31687
http://support.apple.com/kb/HT4077
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://www.vupen.com/english/advisories/2008/0422
http://secunia.com/advisories/43549
http://www.vupen.com/english/advisories/2011/0542
http://www.redhat.com/support/errata/RHSA-2011-0307.html
http://www.securityfocus.com/archive/1/488236/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:mailman:mailman:*:*:*:*:*:*:*:*
Information

Published : 2008-02-05 02:00

Updated : 2018-10-15 10:01

NVD link : CVE-2008-0564

Mitre link : CVE-2008-0564

Products Affected
No products.
CWE
CWE-79