CVE-2008-4456

Name of the Vulnerable Software and Affected Versions: MySQL versions 5.0.26 through 5.0.45 MySQL versions later than 5.0.45

Description: A cross-site scripting (XSS) issue exists in the command-line client when the --html option is enabled, allowing attackers to inject arbitrary web script or HTML by placing it in a database cell. This could be accessed by the client when composing an HTML document.

Recommendations: For MySQL versions 5.0.26 through 5.0.45, consider disabling the --html option to prevent exploitation. For MySQL versions later than 5.0.45, consider disabling the --html option to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.