VYPR

Wikidata Query Service GUI

by Wikidata Query Service GUI

CVEs (2)

  • CVE-2019-19329MedNov 27, 2019
    risk 0.40cvss 6.1epss 0.01

    In Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07, when mathematical expressions in results are displayed directly, arbitrary JavaScript execution can occur, aka XSS. This was addressed by introducing MathJax as a new mathematics rendering engine. NOTE:…

  • CVE-2019-19328MedNov 27, 2019
    risk 0.40cvss 6.1epss 0.01

    ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT.