PT-2019-15811 · Wikimedia · Wikibase Wikidata Query Service Gui

Lucas Werkmeister

Publicado

2019-11-27

Atualizado

2019-12-18

CVE-2019-19329

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Wikibase Wikidata Query Service GUI versions prior to 0.3.6-SNAPSHOT 2019-11-07

Description The issue allows for arbitrary JavaScript execution, which can occur when mathematical expressions in results are displayed directly. This can lead to XSS. The problem was addressed by introducing MathJax as a new mathematics rendering engine.

Recommendations For versions prior to 0.3.6-SNAPSHOT 2019-11-07, update to a version that includes the new mathematics rendering engine, such as 0.3.6-SNAPSHOT or later, to prevent arbitrary JavaScript execution.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2019-19329

Produtos afetados

Wikibase Wikidata Query Service Gui

PT-2019-15811 · Wikimedia · Wikibase Wikidata Query Service Gui

CVE-2019-19329

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6