Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 up to and including 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows malicious users to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oracle mysql 5.0.32 |
||
oracle mysql 5.0.33 |
||
oracle mysql 5.0.45 |
||
oracle mysql 5.0.67 |
||
mysql mysql 5.0.30 |
||
oracle mysql 5.0.30 |
||
mysql mysql 5.0.36 |
||
oracle mysql 5.0.37 |
||
oracle mysql 5.0.41 |
||
oracle mysql 5.0.42 |
||
mysql mysql 5.0.44 |
||
oracle mysql 5.0.26 |
||
oracle mysql 5.0.27 |
||
oracle mysql 5.0.38 |
||
mysql mysql 5.0.4 |