CVE-2019-19327
ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection when reporting the number of results and number of milliseconds. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT...
CVE-2019-19327
The CVE-2019-19327 entry pertains to the Wikibase Wikidata Query Service GUI: the file ui/ResultView.js in versions prior to 0.3.6-SNAPSHOT (2019-11-07) is vulnerable to HTML injection when reporting the number of results and the number of milliseconds. The note indicates this GUI code is no long...
CVE-2019-19328
ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT...
CVE-2019-19328
CVE-2019-19328 affects the Wikibase Wikidata Query Service GUI, specifically the file ui/editor/tooltip/Rdf.js. Versions prior to 0.3.6-SNAPSHOT (2019-11-07) permit HTML injection in the tooltips shown for entities, so markup carried in the tooltip content is rendered rather than displayed as text. The no...
CVE-2019-19329
In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was addressed by introducing MathJax as a new mathematics rendering engine. NOTE: this GUI code is no...
CVE-2019-19329
CVE-2019-19329 affects the Wikibase Wikidata Query Service GUI prior to 0.3.6-SNAPSHOT (2019-11-07). The vulnerability is a cross-site scripting (XSS) flaw where arbitrary JavaScript could execute when mathematical expressions in results are rendered directly. The underlying cause is inadequate h...
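The three entries above describe one defect class: a string that comes from outside the page (a result field, an entity label, a TeX expression in a result cell) is concatenated into markup and handed to the browser, so any tag or event handler it carries is rendered. The JavaScript below is an added illustration and is not code from the Wikidata Query Service GUI or from MathJax; the function names, the shape of the entity object and the sample inputs are constructed for the example. It shows the unsafe concatenation next to the hardened form for each of the three rendering sites, and uses MathJax's default inline delimiters `\( ... \)` for the math case.

```javascript
// Added example, not code from the Wikidata Query Service GUI. It contrasts
// markup built by concatenating untrusted strings (the pattern behind HTML
// injection / XSS in rendered output) with the same rendering after escaping.
// Function names and the shape of the input are assumptions for illustration.

// Escape the five characters that matter in element content and in
// double-quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Reverse of escapeHtml, used to check that escaped markup still carries
// exactly the original text once the browser has parsed it.
function unescapeHtml(markup) {
  const map = { '&amp;': '&', '&lt;': '<', '&gt;': '>', '&quot;': '"', '&#39;': "'" };
  return markup.replace(/&(?:amp|lt|gt|quot|#39);/g, (ent) => map[ent]);
}

// Result summary, vulnerable form: the two fields are dropped into markup
// as-is. A field that is not actually a number becomes markup.
function renderSummaryUnsafe(resultCount, elapsedMs) {
  return '<span class="summary">' + resultCount + ' results in ' + elapsedMs + ' ms</span>';
}

// Result summary, hardened form: a value that is supposed to be a number is
// coerced to one (anything non-numeric collapses to 0), so no string can
// reach the markup at all.
function renderSummarySafe(resultCount, elapsedMs) {
  const toNumber = (v) => (Number.isFinite(Number(v)) ? Number(v) : 0);
  return '<span class="summary">' + toNumber(resultCount) + ' results in ' + toNumber(elapsedMs) + ' ms</span>';
}

// Entity tooltip, vulnerable form: the label from the endpoint is placed
// into both an attribute value and element content without escaping.
function renderTooltipUnsafe(entity) {
  return '<div class="tooltip" title="' + entity.label + '">' + entity.label + ' (' + entity.id + ')</div>';
}

// Entity tooltip, hardened form: every string field is escaped, whether it
// lands in a quoted attribute value or in element content.
function renderTooltipSafe(entity) {
  const label = escapeHtml(entity.label);
  const id = escapeHtml(entity.id);
  return '<div class="tooltip" title="' + label + '">' + label + ' (' + id + ')</div>';
}

// Math cell, vulnerable form: the expression is inserted as raw markup so
// the page can "display it directly".
function renderMathUnsafe(tex) {
  return '<div class="math">' + tex + '</div>';
}

// Math cell, hardened form: the expression is escaped and wrapped in
// MathJax's default inline delimiters \( ... \). MathJax typesets from the
// text content of the node, so after HTML parsing it sees the original TeX,
// while the browser never interprets any markup the expression carried.
function renderMathSafe(tex) {
  return '<div class="math">\\(' + escapeHtml(tex) + '\\)</div>';
}

// Constructed sample inputs (not real Wikidata data): a label that carries
// an event handler, and a TeX string containing an HTML metacharacter.
const hostileEntity = { id: 'Q42', label: '<img src=x onerror=alert(1)>' };
const hostileTex = 'x<y';
```

The escaper covers element content and double-quoted attribute values only; a value that ends up inside a URL, a `style` attribute or a script block needs the escaping rules of that context instead. In a browser the same effect for element content is obtained by assigning `textContent` rather than `innerHTML`, and the MathJax case works for the same reason: `unescapeHtml(renderMathSafe(tex))` recovers the TeX byte for byte, which is what the parsed text node will contain.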