mysql: cross-site scripting
| Package(s): | mysql |
CVE #(s): | CVE-2008-4456
|
| Created: | April 29, 2009 |
Updated: | March 8, 2010 |
| Description: |
From the Debian advisory: Thomas Henlich reported that the MySQL commandline client application
did not encode HTML special characters when run in HTML output mode
(that is, "mysql --html ..."). This could potentially lead to
cross-site scripting or unintended script privilege escalation if
the resulting output is viewed in a browser or incorporated into
a web site. |
| Alerts: |
| Ubuntu |
USN-1397-1 |
mysql-5.1, mysql-dfsg-5.0, mysql-dfsg-5.1 |
2012-03-12 |
| Gentoo |
201201-02 |
mysql |
2012-01-05 |
| rPath |
rPSA-2010-0014-1 |
mysql |
2010-03-07 |
| Ubuntu |
USN-897-1 |
mysql-dfsg-5.0, mysql-dfsg-5.1 |
2010-02-10 |
| Mandriva |
MDVSA-2009:326 |
mysql |
2009-12-07 |
| CentOS |
CESA-2010:0110 |
mysql |
2010-02-17 |
| Red Hat |
RHSA-2010:0110-01 |
mysql |
2010-02-16 |
| Red Hat |
RHSA-2009:1461-01 |
Red Hat Application Stack |
2009-09-23 |
| CentOS |
CESA-2009:1289 |
mysql |
2009-09-15 |
| Red Hat |
RHSA-2009:1289-02 |
mysql |
2009-09-02 |
| SuSE |
SUSE-SR:2009:014 |
dnsmasq, icu, libcurl3/libcurl2/curl/compat-curl2, Xerces-c/xerces-j2, tiff/libtiff, acroread_ja, xpdf, xemacs, mysql, squirrelmail, OpenEXR, wireshark |
2009-09-01 |
| Debian |
DSA-1783 |
mysql-dfsg-5.0 |
2009-04-29 |
|
