Veracode Vulnerability DatabaseVERACODE:23820Cross-site Scripting (XSS)
0.014 Low
EPSS
Percentile
86.3%
mysql is vulnerable to cross-site scripting (XSS). The vulnerability exists as an insufficient HTML entities quoting flaw was found in the mysql command line client’s HTML output mode. If an attacker was able to inject arbitrary HTML tags into data stored in a MySQL database, which was later retrieved using the mysql command line client and its HTML output mode, they could perform a cross-site scripting (XSS) attack against victims viewing the HTML output in a web browser.
References
bugs.mysql.com/bug.php?id=27884
lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
seclists.org/bugtraq/2008/Oct/0026.html
secunia.com/advisories/32072
secunia.com/advisories/34907
secunia.com/advisories/36566
secunia.com/advisories/38517
securityreason.com/securityalert/4357
support.apple.com/kb/HT4077
ubuntu.com/usn/usn-897-1
www.debian.org/security/2009/dsa-1783
www.henlich.de/it-security/mysql-command-line-client-html-injection-vulnerability
www.mandriva.com/security/advisories?name=MDVSA-2009:094
www.redhat.com/security/updates/classification/#important
www.redhat.com/support/errata/RHSA-2009-1289.html
www.redhat.com/support/errata/RHSA-2010-0110.html
www.securityfocus.com/archive/1/496842/100/0/threaded
www.securityfocus.com/archive/1/496877/100/0/threaded
www.securityfocus.com/archive/1/497158/100/0/threaded
www.securityfocus.com/archive/1/497885/100/0/threaded
www.securityfocus.com/bid/31486
www.ubuntu.com/usn/USN-1397-1
access.redhat.com/errata/RHSA-2009:1461
exchange.xforce.ibmcloud.com/vulnerabilities/45590
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11456
Related
