Vulnerabilities (CVE)

Filtered by vendor Wikimedia Subscribe
Filtered by product Wikidata Query Gui
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-19329 1 Wikimedia 1 Wikidata Query Gui 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was addressed by introducing MathJax as a new mathematics rendering engine. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT.
CVE-2019-19328 1 Wikimedia 1 Wikidata Query Gui 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT.
CVE-2019-19327 1 Wikimedia 1 Wikidata Query Gui 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection when reporting the number of results and number of milliseconds. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT.