
CVE-2008-4456

Published: 06/10/2008 Updated: 17/12/2019
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 265
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 up to and including 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows malicious users to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
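The flaw in the summary comes down to cell data being written into the HTML output without encoding. The following C example is added here and is not MySQL's code or its patch; the function names, the `<TD>` wrapper and the sample cell value are assumptions constructed for illustration. It renders the same cell with and without encoding.

```c
#include <stdio.h>
#include <string.h>

/* Append src to dst (capacity cap), encoding the characters that can open a
   tag, entity or attribute value. Returns 0 on success, -1 if dst is full. */
static int append_escaped(char *dst, size_t cap, const char *src)
{
    size_t n = strlen(dst);
    for (; *src; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = one;
        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t len = strlen(rep);
        if (n + len >= cap) return -1;      /* never truncate silently */
        memcpy(dst + n, rep, len + 1);
        n += len;
    }
    return 0;
}

/* Render one result cell as <TD>...</TD> (hypothetical helper).
   escape = 0 reproduces the flawed behaviour, escape = 1 is the hardened form. */
int render_cell(char *out, size_t cap, const char *cell, int escape)
{
    if (cap < sizeof "<TD></TD>") return -1;
    strcpy(out, "<TD>");
    if (escape) {
        if (append_escaped(out, cap - 5, cell) != 0) return -1;
    } else {
        if (strlen(out) + strlen(cell) >= cap - 5) return -1;
        strcat(out, cell);                  /* cell bytes become live markup */
    }
    strcat(out, "</TD>");                   /* 5 bytes were reserved above */
    return 0;
}

int main(void)
{
    const char *cell = "<script>x</script>"; /* constructed sample cell value */
    char buf[128];
    if (render_cell(buf, sizeof buf, cell, 0) == 0) printf("raw:     %s\n", buf);
    if (render_cell(buf, sizeof buf, cell, 1) == 0) printf("encoded: %s\n", buf);
    return 0;
}
```

Any script that post-processes `--html` output from an affected client needs to apply the same encoding itself, or use a non-HTML output format and build the markup with an encoding template layer.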

Vulnerable Product

oracle mysql 5.0.32

oracle mysql 5.0.33

oracle mysql 5.0.45

oracle mysql 5.0.67

mysql mysql 5.0.30

oracle mysql 5.0.30

mysql mysql 5.0.36

oracle mysql 5.0.37

oracle mysql 5.0.41

oracle mysql 5.0.42

mysql mysql 5.0.44

oracle mysql 5.0.26

oracle mysql 5.0.27

oracle mysql 5.0.38

mysql mysql 5.0.4

Vendor Advisories

Synopsis: Moderate: mysql security update. Type/Severity: Security Advisory: Moderate. Topic: Updated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Descri ...
Multiple vulnerabilities have been identified affecting MySQL, a relational database server, and its associated interactive client application. The Common Vulnerabilities and Exposures project identifies the following two problems: CVE-2008-3963 Kay Roepke reported that the MySQL server would not properly handle an empty bit-string literal ...
It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. This update alters table creation behaviour by disallowing the use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY o ...

Exploits

source: www.securityfocus.com/bid/31486/info MySQL is prone to an HTML-injection vulnerability because the application's command-line client fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially al ...