CVE
- Id: 34573
- CVE No.: CVE-2008-4456
- Status: Candidate
- Description: Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
- Phase: Assigned (20081006)
- Votes: None (candidate not yet proposed)
- Comments:
Related CVE References
Id | CVE Id | CVE No. | Reference | Actions |
---|---|---|---|---|
378669 | 34573 | CVE-2008-4456 | BUGTRAQ:20080930 MySQL command-line client HTML injection vulnerability | View |
378670 | 34573 | CVE-2008-4456 | URL:http://www.securityfocus.com/archive/1/archive/1/496842/100/0/threaded | View |
378671 | 34573 | CVE-2008-4456 | BUGTRAQ:20080930 RE: MySQL command-line client HTML injection vulnerability | View |
378672 | 34573 | CVE-2008-4456 | URL:http://www.securityfocus.com/archive/1/archive/1/496877/100/0/threaded | View |
378673 | 34573 | CVE-2008-4456 | BUGTRAQ:20081004 RE: RE: MySQL command-line client HTML injection vulnerability | View |
378674 | 34573 | CVE-2008-4456 | URL:http://seclists.org/bugtraq/2008/Oct/0026.html | View |
378675 | 34573 | CVE-2008-4456 | BUGTRAQ:20081008 Re: MySQL command-line client HTML injection vulnerability | View |
378676 | 34573 | CVE-2008-4456 | URL:http://www.securityfocus.com/archive/1/archive/1/497158/100/0/threaded | View |
378677 | 34573 | CVE-2008-4456 | BUGTRAQ:20081029 Re: MySQL command-line client HTML injection vulnerability | View |
378678 | 34573 | CVE-2008-4456 | URL:http://www.securityfocus.com/archive/1/archive/1/497885/100/0/threaded | View |
378679 | 34573 | CVE-2008-4456 | MISC:http://www.henlich.de/it-security/mysql-command-line-client-html-injection-vulnerability | View |
378680 | 34573 | CVE-2008-4456 | CONFIRM:http://bugs.mysql.com/bug.php?id=27884 | View |
378681 | 34573 | CVE-2008-4456 | CONFIRM:http://support.apple.com/kb/HT4077 | View |
378682 | 34573 | CVE-2008-4456 | APPLE:APPLE-SA-2010-03-29-1 | View |
378683 | 34573 | CVE-2008-4456 | URL:http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html | View |
378684 | 34573 | CVE-2008-4456 | DEBIAN:DSA-1783 | View |
378685 | 34573 | CVE-2008-4456 | URL:http://www.debian.org/security/2009/dsa-1783 | View |
378686 | 34573 | CVE-2008-4456 | MANDRIVA:MDVSA-2009:094 | View |
378687 | 34573 | CVE-2008-4456 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:094 | View |
378688 | 34573 | CVE-2008-4456 | REDHAT:RHSA-2010:0110 | View |
378689 | 34573 | CVE-2008-4456 | URL:http://www.redhat.com/support/errata/RHSA-2010-0110.html | View |
378690 | 34573 | CVE-2008-4456 | REDHAT:RHSA-2009:1289 | View |
378691 | 34573 | CVE-2008-4456 | URL:http://www.redhat.com/support/errata/RHSA-2009-1289.html | View |
378692 | 34573 | CVE-2008-4456 | UBUNTU:USN-897-1 | View |
378693 | 34573 | CVE-2008-4456 | URL:http://ubuntu.com/usn/usn-897-1 | View |
378694 | 34573 | CVE-2008-4456 | BID:31486 | View |
378695 | 34573 | CVE-2008-4456 | URL:http://www.securityfocus.com/bid/31486 | View |
378696 | 34573 | CVE-2008-4456 | OVAL:oval:org.mitre.oval:def:11456 | View |
378697 | 34573 | CVE-2008-4456 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11456 | View |
378698 | 34573 | CVE-2008-4456 | SECUNIA:32072 | View |
378699 | 34573 | CVE-2008-4456 | URL:http://secunia.com/advisories/32072 | View |
378700 | 34573 | CVE-2008-4456 | SECUNIA:34907 | View |
378701 | 34573 | CVE-2008-4456 | URL:http://secunia.com/advisories/34907 | View |
378702 | 34573 | CVE-2008-4456 | SECUNIA:38517 | View |
378703 | 34573 | CVE-2008-4456 | URL:http://secunia.com/advisories/38517 | View |
378704 | 34573 | CVE-2008-4456 | SECUNIA:36566 | View |
378705 | 34573 | CVE-2008-4456 | URL:http://secunia.com/advisories/36566 | View |
378706 | 34573 | CVE-2008-4456 | SREASON:4357 | View |
378707 | 34573 | CVE-2008-4456 | URL:http://securityreason.com/securityalert/4357 | View |
378708 | 34573 | CVE-2008-4456 | XF:mysql-commandline-xss(45590) | View |
Related JVN
Id | JVN No. | Title | Summary | CVE No. | CVE Id | CVSS_v2 | CVSS_v3 | JVN URL | Actions |
---|---|---|---|---|---|---|---|---|---|
50968 | JVNDB-2008-006278 | SQL injection vulnerability in game.php in Vastal I-Tech MMORPG Zone | game.php in Vastal I-Tech MMORPG Zone contains a SQL injection vulnerability. | CVE-2008-4460 | 34573 | 7.5 | | http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-006278.html | View |