Skip to main content

Wikidata Query Gui

3 CVEs product

Monthly

CVE-2019-19329 MEDIUM POC PATCH This Month

In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Wikidata Query Gui
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2019-19328 MEDIUM PATCH This Month

ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Wikidata Query Gui
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-19327 MEDIUM PATCH This Month

ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection when reporting the number of results and number of milliseconds. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Wikidata Query Gui
NVD
CVSS 3.1
6.1
EPSS
0.9%
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Wikidata Query Gui
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Wikidata Query Gui
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection when reporting the number of results and number of milliseconds. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Wikidata Query Gui
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy