CVE-2019-19327

Sažetak

ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection when reporting the number of results and number of milliseconds. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT.

Reference

https://gerrit.wikimedia.org/g/wikidata/query/gui/+/270f833cff8fdc1e050230ecc9f7dfc4d090d90d
https://gerrit.wikimedia.org/r/#/c/553311/
https://lists.wikimedia.org/pipermail/wikidata-tech/2019-November/001503.html

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

18-12-2019 - 18:28

Objavljeno

27-11-2019 - 16:15