Описание
Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
Релиз | Статус | Примечание |
---|---|---|
dapper | DNE | |
devel | not-affected | 5.1.41-3ubuntu2 |
hardy | DNE | |
jaunty | DNE | |
karmic | DNE | |
lucid | DNE | |
maverick | not-affected | 5.1.41-3ubuntu2 |
natty | not-affected | 5.1.41-3ubuntu2 |
upstream | not-affected |
Показывать по
Релиз | Статус | Примечание |
---|---|---|
dapper | released | 5.0.22-0ubuntu6.06.12 |
devel | DNE | |
feisty | ignored | end of life, was needed |
gutsy | ignored | end of life, was needed |
hardy | released | 5.0.51a-3ubuntu5.5 |
intrepid | released | 5.0.67-0ubuntu6.1 |
jaunty | released | 5.1.30really5.0.75-0ubuntu10.3 |
karmic | ignored | end of life |
lucid | DNE | |
maverick | DNE |
Показывать по
Релиз | Статус | Примечание |
---|---|---|
dapper | DNE | |
devel | DNE | |
hardy | DNE | |
intrepid | DNE | |
jaunty | ignored | end of life |
karmic | not-affected | 5.1.37-1ubuntu5 |
lucid | not-affected | 5.1.41-3ubuntu2 |
maverick | DNE | |
natty | DNE | |
upstream | needs-triage |
Показывать по
EPSS
2.6 Low
CVSS2
Связанные уязвимости
Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
Cross-site scripting (XSS) vulnerability in the command-line client in ...
Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
ELSA-2009-1289: mysql security and bug fix update (MODERATE)
EPSS
2.6 Low
CVSS2