Lucene search
K

7 matches found

NVD
NVD
added 2019/11/27 4:15 p.m.24 views

CVE-2019-19328

ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT...

6.1CVSS6.6AI score0.00854EPSS
Exploits0References3
OSV
OSV
added 2019/11/27 4:15 p.m.4 views

CVE-2019-19327

ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection when reporting the number of results and number of milliseconds. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT...

6.1CVSS6.4AI score0.00854EPSS
Exploits0References3
NVD
NVD
added 2019/11/27 4:15 p.m.26 views

CVE-2019-19329

In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was addressed by introducing MathJax as a new mathematics rendering engine. NOTE: this GUI code is no...

6.1CVSS6.4AI score0.0142EPSS
Exploits1References4
Prion
Prion
added 2019/11/27 4:15 p.m.17 views

Design/Logic Flaw

ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection when reporting the number of results and number of milliseconds. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT...

4.3CVSS6.5AI score0.00854EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2019/11/27 4:15 p.m.18 views

Design/Logic Flaw

ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT...

4.3CVSS6.5AI score0.00854EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/11/27 3:28 p.m.24 views

CVE-2019-19328

ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT...

6.6AI score0.00854EPSS
Exploits0References3
Cvelist
Cvelist
added 2019/11/27 3:28 p.m.26 views

CVE-2019-19329

In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was addressed by introducing MathJax as a new mathematics rendering engine. NOTE: this GUI code is no...

6.5AI score0.0142EPSS
Exploits1References4
Rows per page
Query Builder