CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-36324

Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 47.2%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://github.com/wikimedia/analytics-quarry-web/commit/4b7e1d6a3a52ec6cf826a971135a38b0f74785d2
https://quarry.wmflabs.org/
https://github.com/wikimedia/analytics-quarry-web/commit/4b7e1d6a3a52ec6cf826a971135a38b0f74785d2
https://quarry.wmflabs.org/

Products affected by CVE-2020-36324

Wikimedia » Analytics-Quarry-Web » Version: N/A

cpe:2.3:a:wikimedia:analytics-quarry-web:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-36324

Products

Pricing

Contact Us