CVE-2008-0564

{"id": "CVE-2008-0564", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-02-05T02:00:00.000", "references": [{"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html", "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", "source": "cve@mitre.org"}, {"url": "http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28794", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28916", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28966", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29249", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29388", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31687", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/43549", "source": "cve@mitre.org"}, {"url": "http://sourceforge.net/project/shownotes.php?release_id=559308&group_id=103", "source": "cve@mitre.org"}, {"url": "http://support.apple.com/kb/HT4077", "source": "cve@mitre.org"}, {"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0056", "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2011-0307.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/488236/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/27630", "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/usn-586-1", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/0422", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2011/0542", "source": "cve@mitre.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=431526", "source": "cve@mitre.org"}, {"url": "https://issues.rpath.com/browse/RPL-2207", "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's \"info attribute\" in the web administrator interface, a different vulnerability than CVE-2006-3636."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS)en Mailman en versiones anteriores a 2.1.10b1. Permiten a atacantes remotos inyectar scripts wet y HTMLs arbitrarios por medio de vectores sin especificar relacionados con (1)editar plantillas y (2) la lista \"info atribute\" en la interfaz del administrador web, una vulnerabilidad distinta a CVE-2006-3636."}], "lastModified": "2018-10-15T22:01:15.787", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mailman:mailman:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66416D43-5E21-4153-A603-9D6A314EF494", "versionEndIncluding": "2.1.10b"}], "operator": "OR"}]}], "vendorComments": [{"comment": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=431526\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/\n", "lastModified": "2008-03-07T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "cve@mitre.org"}