CVE-2008-4456
Published Oct 6, 2008
Last updated 5 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 2.6
- Impact score
- 2.9
- Exploitability score
- 4.9
- Vector string
- AV:N/AC:H/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Social media
- Hype score
- Not currently trending
Vendor comments
- Red HatRed Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-4456 This issue was addressed for Red Hat Enterprise Linux 5 by https://rhn.redhat.com/errata/RHSA-2009-1289.html and Red Hat Enterprise Linux 4 by https://rhn.redhat.com/errata/RHSA-2010-0110.html . The Red Hat Security Response Team has rated this issue as having low security impact, future MySQL package updates may address this flaw for Red Hat Enterprise Linux 3, and Red Hat Application Stack 2.
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "754B78F2-A03C-40BE-812B-F5E57B93D20B"
},
{
"criteria": "cpe:2.3:a:mysql:mysql:5.0.30:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BEF9271A-A816-44F6-A811-ECC1FB0993C5"
},
{
"criteria": "cpe:2.3:a:mysql:mysql:5.0.36:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F482D3D3-205C-495E-AF3A-E9C3018111F7"
},
{
"criteria": "cpe:2.3:a:mysql:mysql:5.0.44:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "53853D65-F2C6-410F-9CF8-DED19B66BD4E"
},
{
"criteria": "cpe:2.3:a:oracle:mysql:5.0.26:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "811780EA-8805-41A6-A920-A201CCC80790"
},
{
"criteria": "cpe:2.3:a:oracle:mysql:5.0.27:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "11873AEA-5D6C-4AC0-915A-8A2869B2EFF5"
},
{
"criteria": "cpe:2.3:a:oracle:mysql:5.0.30:sp1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7753CE5-61C4-4FBC-BB60-F7D4493E76E3"
},
{
"criteria": "cpe:2.3:a:oracle:mysql:5.0.32:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7EDC2EB4-2C8D-4EF7-83A6-CBE6FF759DD0"
},
{
"criteria": "cpe:2.3:a:oracle:mysql:5.0.33:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5965032E-5BC0-4E69-B097-F9EE2B24C861"
},
{
"criteria": "cpe:2.3:a:oracle:mysql:5.0.37:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "35F21A5A-F9C0-4860-80AD-1D3937483F28"
},
{
"criteria": "cpe:2.3:a:oracle:mysql:5.0.38:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B54F660F-AE43-4F3B-8935-5712CAE860A9"
},
{
"criteria": "cpe:2.3:a:oracle:mysql:5.0.41:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4413BB52-6FBD-4C12-8864-ADDC65E45B25"
},
{
"criteria": "cpe:2.3:a:oracle:mysql:5.0.42:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8B49F9BA-560B-40AE-9457-436830CDD371"
},
{
"criteria": "cpe:2.3:a:oracle:mysql:5.0.45:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F53A8437-C61A-4203-B341-B5596569E50B"
},
{
"criteria": "cpe:2.3:a:oracle:mysql:5.0.67:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C98C5EFF-B629-4FFF-B535-0C25DADD1C25"
}
],
"operator": "OR"
}
]
}
]