CVE-2008-0564 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list’s \info attribute\ in the web administrator interface a different vulnerability than CVE-2006-3636.

Reference

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://mail.python.org/pipermail/mailman-announce/2008-February/000096.html http://secunia.com/advisories/28794 http://secunia.com/advisories/28916 http://secunia.com/advisories/28966 http://secunia.com/advisories/29249 http://secunia.com/advisories/29388 http://secunia.com/advisories/31687 http://secunia.com/advisories/43549 http://sourceforge.net/project/shownotes.php?release_id=559308&group_id=103 http://support.apple.com/kb/HT4077 http://wiki.rpath.com/Advisories:rPSA-2008-0056 http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:061 http://www.redhat.com/support/errata/RHSA-2011-0307.html http://www.securityfocus.com/archive/1/488236/100/0/threaded http://www.securityfocus.com/bid/27630 http://www.ubuntu.com/usn/usn-586-1 http://www.vupen.com/english/advisories/2008/0422 http://www.vupen.com/english/advisories/2011/0542 https://bugzilla.redhat.com/show_bug.cgi?id=431526 https://issues.rpath.com/browse/RPL-2207 https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00452.html