Описание
Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 5.1.41-3ubuntu2 |
| hardy | DNE | |
| jaunty | DNE | |
| karmic | DNE | |
| lucid | DNE | |
| maverick | not-affected | 5.1.41-3ubuntu2 |
| natty | not-affected | 5.1.41-3ubuntu2 |
| upstream | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 5.0.22-0ubuntu6.06.12 |
| devel | DNE | |
| feisty | ignored | end of life, was needed |
| gutsy | ignored | end of life, was needed |
| hardy | released | 5.0.51a-3ubuntu5.5 |
| intrepid | released | 5.0.67-0ubuntu6.1 |
| jaunty | released | 5.1.30really5.0.75-0ubuntu10.3 |
| karmic | ignored | end of life |
| lucid | DNE | |
| maverick | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | DNE | |
| intrepid | DNE | |
| jaunty | ignored | end of life |
| karmic | not-affected | 5.1.37-1ubuntu5 |
| lucid | not-affected | 5.1.41-3ubuntu2 |
| maverick | DNE | |
| natty | DNE | |
| upstream | needs-triage |
Показывать по
EPSS
2.6 Low
CVSS2
Связанные уязвимости
Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
Cross-site scripting (XSS) vulnerability in the command-line client in ...
Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
ELSA-2009-1289: mysql security and bug fix update (MODERATE)
EPSS
2.6 Low
CVSS2