SUSE-SR:2008:017:vuln4: mailman cross site scripting

Back to Search

SUSE-SR:2008:017:vuln4: mailman cross site scripting

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

08/29/2008

Created

07/25/2018

Added

09/09/2008

Modified

11/18/2015

Description

Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface, a different vulnerability than CVE-2006-3636.

Solution(s)

References

https://attackerkb.com/topics/cve-2008-0564
APPLE-SA-2010-03-29-1
27630
CVE - 2008-0564
RHSA-2011:0307
http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html
http://sourceforge.net/project/shownotes.php?release_id=559308&group_id=103
http://wiki.rpath.com/Advisories:rPSA-2008-0056
http://www.frsirt.com/english/advisories/2008/0422
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061
http://www.novell.com/linux/security/advisories/2008_17_sr.html
http://www.securityfocus.com/archive/1/archive/1/488236/100/0/threaded
http://www.ubuntu.com/usn/usn-586-1
https://bugzilla.redhat.com/show_bug.cgi?id=431526
https://issues.rpath.com/browse/RPL-2207
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html

Advanced vulnerability management analytics and reporting.

Key Features

Lightweight Endpoint Agent
Live Dashboards
Real Risk Prioritization
IT-Integrated Remediation Projects
Cloud, Virtual, and Container Assessment
Integrated Threat Feeds
Easy-to-Use RESTful API
Automation-Assisted Patching
Automated Containment

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

SUSE-SR:2008:017:vuln4: mailman cross site scripting