CVE-2008-4456

Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.

Published: Oct 7, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-4456
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
mysql / mysql	5.0.44	5.0.44.x
mysql / mysql	5.0.30	5.0.30.x
mysql / mysql	5.0.4	5.0.4.x
mysql / mysql	5.0.36	5.0.36.x
oracle / mysql	5.0.26	5.0.26.x
oracle / mysql	5.0.27	5.0.27.x
oracle / mysql	5.0.30-sp1	5.0.30-sp1.x
oracle / mysql	5.0.32	5.0.32.x
oracle / mysql	5.0.33	5.0.33.x
oracle / mysql	5.0.37	5.0.37.x
oracle / mysql	5.0.38	5.0.38.x
oracle / mysql	5.0.41	5.0.41.x
oracle / mysql	5.0.42	5.0.42.x
oracle / mysql	5.0.45	5.0.45.x
oracle / mysql	5.0.67	5.0.67.x

Vulnerability Database

289,599

CVE-2008-4456