Oval Definition:oval:org.mitre.oval:def:11456
Revision Date:2013-04-29Version:12
Title:Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
Description:Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2008-4456
Platform(s):CentOS Linux 4
CentOS Linux 5
Oracle Linux 4
Oracle Linux 5
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Product(s):
Definition Synopsis
  • OS Section: RHEL4, CentOS4, Oracle Linux 4
  • RHEL4, CentOS4 or Oracle Linux 4
  • The operating system installed on the system is Red Hat Enterprise Linux 4
  • OR CentOS Linux 4.x
  • OR Oracle Linux 4.x
  • AND Configuration section
  • mysql is earlier than 0:4.1.22-2.el4_8.3
  • OR mysql-devel is earlier than 0:4.1.22-2.el4_8.3
  • OR mysql-bench is earlier than 0:4.1.22-2.el4_8.3
  • OR mysql-server is earlier than 0:4.1.22-2.el4_8.3
  • OR OS Section: RHEL5, CentOS5, Oracle Linux 5
  • RHEL5, CentOS5 or Oracle Linux 5
  • The operating system installed on the system is Red Hat Enterprise Linux 5
  • OR The operating system installed on the system is CentOS Linux 5.x
  • OR Oracle Linux 5.x
  • AND Configuration section
  • mysql is earlier than 0:5.0.77-3.el5
  • OR mysql-devel is earlier than 0:5.0.77-3.el5
  • OR mysql-test is earlier than 0:5.0.77-3.el5
  • OR mysql-bench is earlier than 0:5.0.77-3.el5
  • OR mysql-server is earlier than 0:5.0.77-3.el5
    • BACK