Home > Vulnerability Database > CVE-2008-4456

Mend.io Vulnerability Database

CVE-2008-4456

Date: October 6, 2008

Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.

Severity Score

3.7

Related Resources (26)

Url: http://secunia.com/advisories/38517

Url: http://secunia.com/advisories/32072

Url: https://access.redhat.com/security/cve/CVE-2008-4456

Url: http://www.henlich.de/it-security/mysql-command-line-client-html-injection-vulnerability

Url: http://www.securityfocus.com/archive/1/497885/100/0/threaded

Url: http://securityreason.com/securityalert/4357

Url: http://www.securityfocus.com/archive/1/497158/100/0/threaded

Url: http://seclists.org/bugtraq/2008/Oct/0026.html

Url: http://bugs.mysql.com/bug.php?id=27884

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-4456

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/45590

Url: http://ubuntu.com/usn/usn-897-1

Url: http://www.debian.org/security/2009/dsa-1783

Url: http://www.redhat.com/support/errata/RHSA-2009-1289.html

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2009:094

Url: http://www.redhat.com/support/errata/RHSA-2010-0110.html

Url: http://support.apple.com/kb/HT4077

Url: http://secunia.com/advisories/36566

Url: http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

Url: http://www.securityfocus.com/archive/1/496842/100/0/threaded

Url: http://www.securityfocus.com/archive/1/496877/100/0/threaded

Url: http://www.securityfocus.com/bid/31486

Url: http://www.ubuntu.com/usn/USN-1397-1

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11456

Url: http://secunia.com/advisories/34907

Url: https://www.mend.io/vulnerability-database/CVE-2008-4456

Severity Score

3.7

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	2.6
Access Vector (AV):	NETWORK
Access Complexity (AC):	HIGH
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2008-4456

Date: October 6, 2008

Severity Score

Related Resources (26)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?