Léa Lacroix

**Name of the Vulnerable Software and Affected Versions** Wikibase Wikidata Query Service GUI versions prior to 0.3.6-SNAPSHOT **Description** The issue allows HTML injection when reporting the number of results and number of milliseconds in the ui/ResultView.js file. **Recommendations** For versions prior to 0.3.6-SNAPSHOT, update to version 0.3.6-SNAPSHOT or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Wikibase Wikidata Query Service GUI versions prior to 0.3.6-SNAPSHOT **Description** The issue allows HTML injection in tooltips for entities, specifically affecting the ui/editor/tooltip/Rdf.js component. This could potentially lead to malicious HTML being injected into tooltips. **Recommendations** For versions prior to 0.3.6-SNAPSHOT, update to version 0.3.6-SNAPSHOT or later to resolve the issue.