27 matches found
EUVD-2019-8949
Malware in sbrugna...
EUVD-2025-10824
Malicious code in bioql PyPI...
CVE-2019-19329
In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was addressed by introducing MathJax as a new mathematics rendering engine. NOTE: this GUI code is no...
CVE-2025-32071
Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Wikidata Extension allows Cross-Site Scripting (XSS) from widthheight message via ImageHandler::getDimensionsString. This issue affects Mediawiki - Wikidata Extension: from 1.39 through 1.43...
CVE-2025-32071
Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Wikidata Extension allows Cross-Site Scripting (XSS) from widthheight message via ImageHandler::getDimensionsString. This issue affects Mediawiki - Wikidata Extension: from 1.39 through 1.43...
CVE-2025-32071 Wikibase CommonsInlineImageFormatter: i18n XSS
Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Wikidata Extension allows Cross-Site Scripting (XSS) from widthheight message via ImageHandler::getDimensionsString. This issue affects Mediawiki - Wikidata Extension: from 1.39 through 1.43...
MediaWiki Input Validation Error Vulnerability
MediaWiki is a suite of free and freely available web-based Wiki engines from the Wikimedia USA Foundation. The product can be used to deploy in-house knowledge management and content management systems. MediaWiki - A security vulnerability exists in Wikidata Extension versions 1.39 through 1.43,...
PT-2025-16135 · Unknown +1 · Wikidata Extension +1
Name of the Vulnerable Software and Affected Versions: Mediawiki - Wikidata Extension versions 1.39 through 1.43 Description: The issue is related to improper input validation in the Mediawiki - Wikidata Extension, allowing Cross-Site Scripting XSS from the widthheight message via the...
wikidata.da-dk.nina.az Cross Site Scripting vulnerability OBB-3925380
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
wikidata.uk-ua.nina.az Cross Site Scripting vulnerability OBB-3847972
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Wikibase Wikidata Query Service GUI HTML Injection Vulnerability
Wikibase Wikidata Query Service GUI is a graphical user interface for the Wikidata wikidata query service. A security vulnerability exists in the ui/editor/tooltip/Rdf.js file in versions prior to Wikibase Wikidata Query Service GUI 0.3.6-SNAPSHOT 2019-11-07. An attacker can exploit the...
Unspecified Vulnerability in Wikibase Wikidata Query Service GUI
Wikibase Wikidata Query Service GUI is a graphical user interface for the Wikidata wikidata query service. A security vulnerability exists in the ui/ResultView.js file in versions prior to Wikibase Wikidata Query Service GUI 0.3.6-SNAPSHOT 2019-11-07. An attacker can exploit the vulnerability to...
Wikibase Wikidata Query Service GUI Cross-Site Scripting Vulnerability
Wikibase Wikidata Query Service GUI is a graphical user interface for the Wikidata wikidata query service. A cross-site scripting vulnerability exists in Wikibase Wikidata Query Service GUI versions prior to 0.3.6-SNAPSHOT 2019-11-07. The vulnerability stems from the WEB application lacking prope...
CVE-2019-19328
ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT...
CVE-2019-19329
In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was addressed by introducing MathJax as a new mathematics rendering engine. NOTE: this GUI code is no...
CVE-2019-19327
ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection when reporting the number of results and number of milliseconds. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT...
CVE-2019-19329
In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was addressed by introducing MathJax as a new mathematics rendering engine. NOTE: this GUI code is no...
CVE-2019-19328
ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT...
Design/Logic Flaw
ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection when reporting the number of results and number of milliseconds. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT...
Design/Logic Flaw
ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT...