CVE-2008-0564

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface, a different vulnerability than CVE-2006-3636.

References

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html

https://issues.rpath.com/browse/RPL-2207

https://bugzilla.redhat.com/show_bug.cgi?id=431526

http://www.vupen.com/english/advisories/2011/0542

http://www.vupen.com/english/advisories/2008/0422

http://www.ubuntu.com/usn/usn-586-1

http://www.securityfocus.com/bid/27630

http://www.securityfocus.com/archive/1/488236/100/0/threaded

http://www.redhat.com/support/errata/RHSA-2011-0307.html

http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061

http://wiki.rpath.com/Advisories:rPSA-2008-0056

http://support.apple.com/kb/HT4077

http://sourceforge.net/project/shownotes.php?release_id=559308&group_id=103

http://secunia.com/advisories/43549

http://secunia.com/advisories/31687

http://secunia.com/advisories/29388

http://secunia.com/advisories/29249

http://secunia.com/advisories/28966

http://secunia.com/advisories/28916

http://secunia.com/advisories/28794

http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

Details

Source: Mitre, NVD

Published: 2008-02-05

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.01728