CVE-2020-36324
N/A
N/A
Summary
Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://quarry.wmflabs.org/
- https://github.com/wikimedia/analytics-quarry-web/commit/4b7e1d6a3a52ec6cf826a971135a38b0f74785d2
References
- https://quarry.wmflabs.org/
- https://github.com/wikimedia/analytics-quarry-web/commit/4b7e1d6a3a52ec6cf826a971135a38b0f74785d2
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.