WEB APPLICATION VULNERABILITIES Standard & Premium

MySQL Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-4456)

Description

Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.

Remediation

References

Related Vulnerabilities

Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-10687)

WordPress Plugin Vmax Project Manager Local File Inclusion (1.1)

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-12099)

WordPress 5.9.x Shortcode Execution (5.9 - 5.9.6)

WordPress Plugin WP Fastest Cache Directory Traversal (0.9.1.6)

Severity

Low

Classification

CVE-2008-4456 CWE-707

Tags

Missing Update Known Vulnerabilities