
27 matches found

Prion
added 2019/11/27 4:15 p.m. | 18 views

Design/Logic Flaw

In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was addressed by introducing MathJax as a new mathematics rendering engine. NOTE: this GUI code is no...

CVSS 4.3 | AI score 6.4 | EPSS 0.0142
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2019/11/27 3:28 p.m. | 23 views

CVE-2019-19327

ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection when reporting the number of results and number of milliseconds. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT...

AI score 6.6 | EPSS 0.00854
Exploits: 0 | References: 3
CVE
added 2019/11/27 3:28 p.m. | 47 views

CVE-2019-19327

The CVE-2019-19327 entry pertains to the Wikibase Wikidata Query Service GUI: the file ui/ResultView.js in versions prior to 0.3.6-SNAPSHOT (2019-11-07) is vulnerable to HTML injection when reporting the number of results and the number of milliseconds. The note indicates this GUI code is no long...

CVSS 6.1 | AI score 6.5 | EPSS 0.00854
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2019/11/27 3:28 p.m. | 24 views

CVE-2019-19328

ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT...

AI score 6.6 | EPSS 0.00854
Exploits: 0 | References: 3
CVE
added 2019/11/27 3:28 p.m. | 48 views

CVE-2019-19328

CVE-2019-19328 affects the Wikibase Wikidata Query Service GUI, specifically the file ui/editor/tooltip/Rdf.js. The vulnerability exists in versions prior to 0.3.6-SNAPSHOT (2019-11-07) and permits HTML injection in entity tooltips, enabling an attacker to inject HTML content via tooltips. The no...

CVSS 6.1 | AI score 6.5 | EPSS 0.00854
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2019/11/27 3:28 p.m. | 26 views

CVE-2019-19329

In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was addressed by introducing MathJax as a new mathematics rendering engine. NOTE: this GUI code is no...

AI score 6.5 | EPSS 0.0142
Exploits: 1 | References: 4
CVE
added 2019/11/27 3:28 p.m. | 49 views

CVE-2019-19329

CVE-2019-19329 affects the Wikibase Wikidata Query Service GUI prior to 0.3.6-SNAPSHOT (2019-11-07). The vulnerability is a cross-site scripting (XSS) flaw where arbitrary JavaScript could execute when mathematical expressions in results are rendered directly. The underlying cause is inadequate h...

CVSS 6.1 | AI score 6.4 | EPSS 0.0142
Exploits: 1 | References: 4 | Affected Software: 1