CVE-2008-4456
N/A
N/A
Summary
Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the –html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/archive/1/497885/100/0/threaded
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:094
- http://www.ubuntu.com/usn/USN-1397-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45590
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11456
- http://www.securityfocus.com/archive/1/497158/100/0/threaded
- http://secunia.com/advisories/38517
- http://www.debian.org/security/2009/dsa-1783
- http://bugs.mysql.com/bug.php?id=27884
- http://ubuntu.com/usn/usn-897-1
- http://www.redhat.com/support/errata/RHSA-2009-1289.html
- http://secunia.com/advisories/32072
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
- http://www.securityfocus.com/archive/1/496842/100/0/threaded
- http://support.apple.com/kb/HT4077
- http://www.redhat.com/support/errata/RHSA-2010-0110.html
- http://www.henlich.de/it-security/mysql-command-line-client-html-injection-vulnerability
- http://seclists.org/bugtraq/2008/Oct/0026.html
- http://securityreason.com/securityalert/4357
- http://secunia.com/advisories/34907
- http://www.securityfocus.com/archive/1/496877/100/0/threaded
- http://secunia.com/advisories/36566
- http://www.securityfocus.com/bid/31486
References
- http://www.securityfocus.com/archive/1/497885/100/0/threaded
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:094
- http://www.ubuntu.com/usn/USN-1397-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45590
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11456
- http://www.securityfocus.com/archive/1/497158/100/0/threaded
- http://secunia.com/advisories/38517
- http://www.debian.org/security/2009/dsa-1783
- http://bugs.mysql.com/bug.php?id=27884
- http://ubuntu.com/usn/usn-897-1
- http://www.redhat.com/support/errata/RHSA-2009-1289.html
- http://secunia.com/advisories/32072
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
- http://www.securityfocus.com/archive/1/496842/100/0/threaded
- http://support.apple.com/kb/HT4077
- http://www.redhat.com/support/errata/RHSA-2010-0110.html
- http://www.henlich.de/it-security/mysql-command-line-client-html-injection-vulnerability
- http://seclists.org/bugtraq/2008/Oct/0026.html
- http://securityreason.com/securityalert/4357
- http://secunia.com/advisories/34907
- http://www.securityfocus.com/archive/1/496877/100/0/threaded
- http://secunia.com/advisories/36566
- http://www.securityfocus.com/bid/31486
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.