CVE-2008-4456
Published: Oct 6, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source tag |
|---|---|---|
| 20081029 Re: MySQL command-line client HTML injection vulnerability | mailing-list | x_refsource_BUGTRAQ |
| MDVSA-2009:094 | vendor-advisory | x_refsource_MANDRIVA |
| USN-1397-1 | vendor-advisory | x_refsource_UBUNTU |
| mysql-commandline-xss(45590) | vdb-entry | x_refsource_XF |
| oval:org.mitre.oval:def:11456 | vdb-entry, signature | x_refsource_OVAL |
| 20081008 Re: MySQL command-line client HTML injection vulnerability | mailing-list | x_refsource_BUGTRAQ |
| 38517 | third-party-advisory | x_refsource_SECUNIA |
| DSA-1783 | vendor-advisory | x_refsource_DEBIAN |
| http://bugs.mysql.com/bug.php?id=27884 | | x_refsource_CONFIRM |
| USN-897-1 | vendor-advisory | x_refsource_UBUNTU |
| RHSA-2009:1289 | vendor-advisory | x_refsource_REDHAT |
| 32072 | third-party-advisory | x_refsource_SECUNIA |
| APPLE-SA-2010-03-29-1 | vendor-advisory | x_refsource_APPLE |
| 20080930 MySQL command-line client HTML injection vulnerability | mailing-list | x_refsource_BUGTRAQ |
| http://support.apple.com/kb/HT4077 | | x_refsource_CONFIRM |
| RHSA-2010:0110 | vendor-advisory | x_refsource_REDHAT |
| 20081004 RE: RE: MySQL command-line client HTML injection vulnerability | mailing-list | x_refsource_BUGTRAQ |
| 4357 | third-party-advisory | x_refsource_SREASON |
| 34907 | third-party-advisory | x_refsource_SECUNIA |
| 20080930 RE: MySQL command-line client HTML injection vulnerability | mailing-list | x_refsource_BUGTRAQ |
| 36566 | third-party-advisory | x_refsource_SECUNIA |
| 31486 | vdb-entry | x_refsource_BID |