Medium severity6.1NVD Advisory· Published Nov 27, 2019· Updated Jun 17, 2026
CVE-2019-19329
CVE-2019-19329
Description
In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was addressed by introducing MathJax as a new mathematics rendering engine. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Wikibase/Wikibase Wikidata Query Service GUIdescription
- Range: <0.3.6-SNAPSHOT 2019-11-07
- Range: <0.3.6-SNAPSHOT 2019-11-07
Patches
Vulnerability mechanics
References
4- gerrit.wikimedia.org/g/wikidata/query/gui/+/d9f964b88c01748e278ca8c4b8929a8ef0ef0267nvdMailing ListPatchVendor Advisory
- gerrit.wikimedia.org/r/nvdPatchVendor Advisory
- phabricator.wikimedia.org/T233213nvdExploitIssue TrackingVendor Advisory
- lists.wikimedia.org/pipermail/wikidata-tech/2019-November/001492.htmlnvdVendor Advisory
News mentions
0No linked articles in our index yet.