CVE-2008-4456

Advisory lineage Upstream: 0 Downstream: 4
Modified
Published: 06 Oct 2008, 23:00
Last modified: 07 Aug 2024, 10:17

Vulnerability Summary

  • Overall Risk (default): low, 22/100
  • CVSS Score: 2.6 LOW, v2.0 (nvd)
  • EPSS Score: 6.32% LOW, 6% probability 0.00%
  • KEV: Not listed
  • Ransomware: No reports
  • Public exploits: 2 found
  • Dark Web: Not detected

Timeline

  • 06 Oct 2008, 23:00: Published. Vulnerability first disclosed
  • 07 Aug 2024, 10:17: Last Modified. Vulnerability information updated

Description

Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.

CVSS Metrics

  • v2.0, LOW, Score: 2.6, AV:N/AC:H/Au:N/C:N/I:P/A:N

EPSS Trends

Current EPSS score: 6.32% Percentile: 91%

Techniques & Countermeasures

  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

    The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Affected Systems

  • mysql / mysql

    5.0.4 | 5.0.30 | 5.0.36 | 5.0.44

  • oracle / mysql

    5.0.26 | 5.0.27 | 5.0.30:sp1 | 5.0.32 | 5.0.33 | 5.0.37 | 5.0.38 | 5.0.41 | 5.0.42 | 5.0.45 | 5.0.67
