FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-0564

This CVE name corresponds to:

Entered: 2008-04-25
Topic: mailman -- script insertion vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2008-0564
Phase: Assigned (20080204)

Description

Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface, a different vulnerability than CVE-2006-3636.

References

Source Reference
BUGTRAQ 20080215 rPSA-2008-0056-1 mailman
MLIST [Mailman-Announce] 20080203 Mailman 2.1.10b3 Released (was: Re: Mailman 2.1.10b1 Released)
CONFIRM http://sourceforge.net/project/shownotes.php?release_id=559308&group_id=103
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=431526
CONFIRM http://wiki.rpath.com/Advisories:rPSA-2008-0056
CONFIRM https://issues.rpath.com/browse/RPL-2207
CONFIRM http://support.apple.com/kb/HT4077
APPLE APPLE-SA-2010-03-29-1
FEDORA FEDORA-2008-1334
MANDRIVA MDVSA-2008:061
REDHAT RHSA-2011:0307
SUSE SUSE-SR:2008:017
UBUNTU USN-586-1
BID 27630
SECUNIA 43549
VUPEN ADV-2008-0422
SECUNIA 28794
SECUNIA 28916
SECUNIA 28966
SECUNIA 29249
SECUNIA 29388
SECUNIA 31687
VUPEN ADV-2011-0542