MySQL < 5.0.89 / 5.1.42 / 5.4.2 / 5.5.1 / 6.0.14 Client XSS

low Nessus Plugin ID 17811

Synopsis

A remote database client has a cross-site scripting vulnerability.

Description

The version of MySQL installed on the remote host is earlier than 5.0.89 / 5.1.42 / 5.4.2 / 5.5.1 / 6.0.14 and thus does not properly encode angle brackets when the 'mysql --html' option is used. Depending on how the output of the mysql client command is processed, the user may be vulnerable to cross-site scripting attacks.

Solution

Upgrade to MySQL version 5.0.89 / 5.1.42 / 5.4.2 / 5.5.1 / 6.0.14 or later.

See Also

https://bugs.mysql.com/bug.php?id=27884

Plugin Details

Severity: Low

ID: 17811

File Name: mysql_6_0_14_XSS.nasl

Version: 1.6

Type: remote

Family: Databases

Published: 1/16/2012

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Frictionless Assessment Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Low

Base Score: 2.6

Temporal Score: 2

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:mysql:mysql

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 9/30/2008

Reference Information

CVE: CVE-2008-4456

BID: 31486

CWE: 79