Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2008-4456

Опубликовано: 06 окт. 2008
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 2.6

Описание

Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.

РелизСтатусПримечание
dapper

DNE

devel

not-affected

5.1.41-3ubuntu2
hardy

DNE

jaunty

DNE

karmic

DNE

lucid

DNE

maverick

not-affected

5.1.41-3ubuntu2
natty

not-affected

5.1.41-3ubuntu2
upstream

not-affected

Показывать по

РелизСтатусПримечание
dapper

released

5.0.22-0ubuntu6.06.12
devel

DNE

feisty

ignored

end of life, was needed
gutsy

ignored

end of life, was needed
hardy

released

5.0.51a-3ubuntu5.5
intrepid

released

5.0.67-0ubuntu6.1
jaunty

released

5.1.30really5.0.75-0ubuntu10.3
karmic

ignored

end of life
lucid

DNE

maverick

DNE

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

DNE

hardy

DNE

intrepid

DNE

jaunty

ignored

end of life
karmic

not-affected

5.1.37-1ubuntu5
lucid

not-affected

5.1.41-3ubuntu2
maverick

DNE

natty

DNE

upstream

needs-triage

Показывать по

EPSS

Процентиль: 91%
0.0634
Низкий

2.6 Low

CVSS2

Связанные уязвимости

redhat
больше 16 лет назад

Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.

nvd
больше 16 лет назад

Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.

debian
больше 16 лет назад

Cross-site scripting (XSS) vulnerability in the command-line client in ...

github
около 3 лет назад

Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.

oracle-oval
почти 16 лет назад

ELSA-2009-1289: mysql security and bug fix update (MODERATE)

EPSS

Процентиль: 91%
0.0634
Низкий

2.6 Low

CVSS2