Vulnerability Details: CVE-2008-0564
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface, a different vulnerability than CVE-2006-3636.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2008-0564
- cpe:2.3:a:mailman:mailman:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-0564
- 1.87%: Probability of exploitation activity in the next 30 days
- ~88%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-0564
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2008-0564
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2008-0564
- Red Hat, 2008-03-07: Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=431526 The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
References for CVE-2008-0564
- https://bugzilla.redhat.com/show_bug.cgi?id=431526
  431526 – (CVE-2008-0564) CVE-2008-0564 mailman: XSS triggerable by list administrator
- http://www.ubuntu.com/usn/usn-586-1
  USN-586-1: mailman vulnerability | Ubuntu security notices | Ubuntu
- http://www.redhat.com/support/errata/RHSA-2011-0307.html
  Support
- https://issues.rpath.com/browse/RPL-2207
- http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061
  Mandriva
- http://sourceforge.net/project/shownotes.php?release_id=559308&group_id=103
  Mailman download | SourceForge.net
- http://www.vupen.com/english/advisories/2011/0542
  Webmail | OVH- OVH
- http://support.apple.com/kb/HT4077
  About the security content of Security Update 2010-002 / Mac OS X v10.6.3 - Apple Support
- https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html
  [SECURITY] Fedora 8 Update: mailman-2.1.9-8.2.fc8
- http://wiki.rpath.com/Advisories:rPSA-2008-0056
- http://www.securityfocus.com/bid/27630
- http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
  [security-announce] SUSE Security Summary Report SUSE-SR:2008:017 - openSUSE Security Announce - openSUSE Mailing Lists
- http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html
  [Mailman-Announce] Mailman 2.1.10b3 Released (was: Re: Mailman 2.1.10b1 Released)
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
  Apple - Lists.apple.com
- http://www.securityfocus.com/archive/1/488236/100/0/threaded
- http://www.vupen.com/english/advisories/2008/0422
  Site en construction