Filtered by vendor Wikimedia
Subscriptions
Filtered by product Wikidata Query Gui
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19328 | 1 Wikimedia | 1 Wikidata Query Gui | 2024-08-05 | 6.1 Medium |
| ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT. | ||||
| CVE-2019-19329 | 1 Wikimedia | 1 Wikidata Query Gui | 2024-08-05 | 6.1 Medium |
| In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was addressed by introducing MathJax as a new mathematics rendering engine. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT. | ||||
| CVE-2019-19327 | 1 Wikimedia | 1 Wikidata Query Gui | 2024-08-05 | 6.1 Medium |
| ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection when reporting the number of results and number of milliseconds. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT. | ||||
Page 1 of 1.