Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by placing it in a database cell, which might be accessed by this client when composing an HTML document. NOTE: as of 20081031, the issue has not been fixed in MySQL 5.0.67.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MySQL命令行客户端HTML注入漏洞
Vulnerability Description
Oracle MySQL是美国甲骨文(Oracle)公司的一套开源的关系数据库管理系统。该数据库系统具有性能高、成本低、可靠性好等特点。 mysql命令行客户端工具没有在输出中引用"&"、"<"、">"、"""等特殊HTML字符,如果远程攻击者拥有向表格写入数据的权限的话,就可以在输出中注入JavaScript等代码。当用户查看恶意数据库项的HTML输出时,就会在浏览器会话中执行注入的脚本代码。
CVSS Information
N/A
Vulnerability Type
N/A