PT-2008-5690 · Oracle+1 · Mysql Server+1

Published

2008-10-06

·

Updated

2019-12-17

·

CVE-2008-4456

CVSS v2.0

2.6

Low

VectorAV:N/AC:H/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: MySQL versions 5.0.26 through 5.0.45 MySQL versions later than 5.0.45
Description: A cross-site scripting (XSS) issue exists in the command-line client when the --html option is enabled, allowing attackers to inject arbitrary web script or HTML by placing it in a database cell. This could be accessed by the client when composing an HTML document.
Recommendations: For MySQL versions 5.0.26 through 5.0.45, consider disabling the --html option to prevent exploitation. For MySQL versions later than 5.0.45, consider disabling the --html option to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2008-4456
DSA-1783-1
RHSA-2009:1289
RHSA-2009:1461
RHSA-2009_1289
RHSA-2010:0110
RHSA-2010_0110

Affected Products

Mysql Server
Red Hat