cbcvebase.
CVE-2008-4456
published 2008-10-06

CVE-2008-4456: Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45…

PriorityP418low2.6CVSS 2.0
AVNACHAuNCNIPAN
EXPLOIT
EPSS
7.05%
93.4th percentile
Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.

Affected

15 ranges
VendorProductVersion rangeFixed in
mysqlmysql
mysqlmysql
mysqlmysql
mysqlmysql
oraclemysql
oraclemysql
oraclemysql
oraclemysql
oraclemysql
oraclemysql
oraclemysql
oraclemysql
oraclemysql
oraclemysql
oraclemysql

CVSS provenance

nvdv2.02.6LOWAV:N/AC:H/Au:N/C:N/I:P/A:N
vendor_ubuntu4.6MEDIUM
vendor_redhat2.6LOW
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.