New Search

Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45 and other versions including versions later than 5.0.45 when the --html option is enabled allows attackers to inject arbitrary web script or HTML by placing it in a database cell which might be accessed by this client when composing an HTML document. NOTE: as of 20081031 the issue has not been fixed in MySQL 5.0.67.

oval:org.mitre.oval:def:11456

Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45 and other versions including versions later than 5.0.45 when the --html option is enabled allows attackers to inject arbitrary web script or HTML by placing it in a database cell which might be accessed by this client when composing an HTML document. NOTE: as of 20081031 the issue has not been fixed in MySQL 5.0.67.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Red Hat Enterprise Linux 4
  • Oracle Linux 5
  • Oracle Linux 4
  • Red Hat Enterprise Linux 5
  • CentOS Linux 5
  • CentOS Linux 4
Class:
vulnerability
Reference(s):
  • CVE-2008-4456
Product(s):