Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-4456Cross-site Scripting in Mysql

CWE-79Cross-site Scripting7 documents6 sources
Severity
2.6LOWNVD
EPSS
6.3%
top 8.99%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
MysqlOracle Mysql
Timeline
PublishedOct 6
Latest updateMay 2

Description

Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages2 packages

NVDmysql/mysql4 versions+3
NVDoracle/mysql11 versions+10

🔴Vulnerability Details

1
GHSA
GHSA-wwgr-xr73-wm3j: Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 52022-05-02

💥Exploits & PoCs

1
Exploit-DB
MySQL 5 - Command Line Client HTML Special Characters HTML Injection2008-09-30

📋Vendor Advisories

3
Ubuntu
MySQL vulnerabilities2012-03-12
Ubuntu
MySQL vulnerabilities2010-02-10
Red Hat
mysql: mysql command line client XSS flaw2008-09-30

💬Community

1
Bugzilla
CVE-2008-4456 mysql: mysql command line client XSS flaw2008-10-10
CVE-2008-4456 — Cross-site Scripting in Mysql | cvebase