You are here

CVE-2008-4456

Vincent (CVE) Danen's picture
Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.

Details Source

Mitre

Statement

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-4456

This issue was addressed for Red Hat Enterprise Linux 5 by https://rhn.redhat.com/errata/RHSA-2009-1289.html and Red Hat Enterprise Linux 4 by https://rhn.redhat.com/errata/RHSA-2010-0110.html .

The Red Hat Security Response Team has rated this issue as having low security impact, future MySQL package updates may address this flaw for Red Hat Enterprise Linux 3, and Red Hat Application Stack 2.

Public Date

2008-09-30 00:00:00

Impact

Low

Bugzilla

CVE-2008-4456 mysql: mysql command line client XSS flaw

Bugzilla ID

466 518

CVSS Status

verified

Base Score

1.70

Base Metrics

AV:L/AC:L/Au:S/C:N/I:P/A:N

Red Hat Security Errata

Platform Errata Release Date
Red Hat Application Stack v2 for Enterprise Linux (v.5) RHSA-2009:1461 2009-09-23
Red Hat Enterprise Linux 5 (mysql) RHSA-2009:1289 2009-09-02
Red Hat Enterprise Linux 4 (mysql) RHSA-2010:0110 2010-02-16

CWE

CWE-79