{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-02-03T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's \"info attribute\" in the web administrator interface, a different vulnerability than CVE-2006-3636."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "SUSE-SR:2008:017", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"}, {"name": "MDVSA-2008:061", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061"}, {"name": "RHSA-2011:0307", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0307.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-2207"}, {"name": "ADV-2008-0422", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0422"}, {"name": "31687", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31687"}, {"name": "APPLE-SA-2010-03-29-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0056"}, {"name": "FEDORA-2008-1334", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html"}, {"name": "28966", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28966"}, {"name": "USN-586-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-586-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT4077"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?release_id=559308&group_id=103"}, {"name": "28916", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28916"}, {"name": "[Mailman-Announce] 20080203 Mailman 2.1.10b3 Released (was: Re: Mailman 2.1.10b1 Released)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html"}, {"name": "20080215 rPSA-2008-0056-1 mailman", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/488236/100/0/threaded"}, {"name": "29388", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29388"}, {"name": "27630", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27630"}, {"name": "ADV-2011-0542", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0542"}, {"name": "28794", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28794"}, {"name": "29249", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29249"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431526"}, {"name": "43549", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43549"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0564", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's \"info attribute\" in the web administrator interface, a different vulnerability than CVE-2006-3636."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SUSE-SR:2008:017", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"}, {"name": "MDVSA-2008:061", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061"}, {"name": "RHSA-2011:0307", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-0307.html"}, {"name": "https://issues.rpath.com/browse/RPL-2207", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-2207"}, {"name": "ADV-2008-0422", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0422"}, {"name": "31687", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31687"}, {"name": "APPLE-SA-2010-03-29-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"}, {"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0056", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0056"}, {"name": "FEDORA-2008-1334", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html"}, {"name": "28966", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28966"}, {"name": "USN-586-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-586-1"}, {"name": "http://support.apple.com/kb/HT4077", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4077"}, {"name": "http://sourceforge.net/project/shownotes.php?release_id=559308&group_id=103", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=559308&group_id=103"}, {"name": "28916", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28916"}, {"name": "[Mailman-Announce] 20080203 Mailman 2.1.10b3 Released (was: Re: Mailman 2.1.10b1 Released)", "refsource": "MLIST", "url": "http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html"}, {"name": "20080215 rPSA-2008-0056-1 mailman", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/488236/100/0/threaded"}, {"name": "29388", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29388"}, {"name": "27630", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27630"}, {"name": "ADV-2011-0542", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0542"}, {"name": "28794", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28794"}, {"name": "29249", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29249"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=431526", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431526"}, {"name": "43549", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43549"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:46:54.999Z"}, "title": "CVE Program Container", "references": [{"name": "SUSE-SR:2008:017", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"}, {"name": "MDVSA-2008:061", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061"}, {"name": "RHSA-2011:0307", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0307.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.rpath.com/browse/RPL-2207"}, {"name": "ADV-2008-0422", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0422"}, {"name": "31687", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31687"}, {"name": "APPLE-SA-2010-03-29-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0056"}, {"name": "FEDORA-2008-1334", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html"}, {"name": "28966", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28966"}, {"name": "USN-586-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-586-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT4077"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?release_id=559308&group_id=103"}, {"name": "28916", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28916"}, {"name": "[Mailman-Announce] 20080203 Mailman 2.1.10b3 Released (was: Re: Mailman 2.1.10b1 Released)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html"}, {"name": "20080215 rPSA-2008-0056-1 mailman", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/488236/100/0/threaded"}, {"name": "29388", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29388"}, {"name": "27630", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/27630"}, {"name": "ADV-2011-0542", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0542"}, {"name": "28794", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28794"}, {"name": "29249", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29249"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431526"}, {"name": "43549", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43549"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0564", "datePublished": "2008-02-05T01:00:00.000Z", "dateReserved": "2008-02-04T00:00:00.000Z", "dateUpdated": "2024-08-07T07:46:54.999Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mailman:mailman:*:*:*:*:*:*:*:*", "matchCriteriaId": "66416D43-5E21-4153-A603-9D6A314EF494", "versionEndIncluding": "2.1.10b", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's \"info attribute\" in the web administrator interface, a different vulnerability than CVE-2006-3636."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS)en Mailman en versiones anteriores a 2.1.10b1. Permiten a atacantes remotos inyectar scripts wet y HTMLs arbitrarios por medio de vectores sin especificar relacionados con (1)editar plantillas y (2) la lista \"info atribute\" en la interfaz del administrador web, una vulnerabilidad distinta a CVE-2006-3636."}], "id": "CVE-2008-0564", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-02-05T02:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"}, {"source": "cve@mitre.org", "url": "http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/28794"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/28916"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/28966"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29249"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29388"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/31687"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/43549"}, {"source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=559308&group_id=103"}, {"source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT4077"}, {"source": "cve@mitre.org", "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0056"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2011-0307.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/488236/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27630"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-586-1"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0422"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2011/0542"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431526"}, {"source": "cve@mitre.org", "url": "https://issues.rpath.com/browse/RPL-2207"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28794"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28916"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28966"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29249"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29388"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31687"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/43549"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=559308&group_id=103"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT4077"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0056"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2011-0307.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/488236/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27630"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-586-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0422"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0542"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431526"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-2207"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=431526\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/\n", "lastModified": "2008-03-07T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2011:0307", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "mailman-3:2.1.5.1-34.rhel4.7", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2011-03-01T00:00:00Z"}, {"advisory": "RHSA-2011:0307", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "mailman-3:2.1.9-6.el5_6.1", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2011-03-01T00:00:00Z"}], "bugzilla": {"description": "mailman: XSS triggerable by list administrator", "id": "431526", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431526"}, "csaw": false, "cvss": {"cvss_base_score": "4.0", "cvss_scoring_vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "status": "verified"}, "cwe": "CWE-79", "details": ["Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's \"info attribute\" in the web administrator interface, a different vulnerability than CVE-2006-3636."], "name": "CVE-2008-0564", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "mailman", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2008-01-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2008-0564\nhttps://nvd.nist.gov/vuln/detail/CVE-2008-0564"], "threat_severity": "Low"}

{}