CVE-2020-36324
Published
CVSS v3: 6.1 MEDIUM
CVSS v2: 4.3 MEDIUM
Affected: 1 project
Description
Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type.
Github mirror of "analytics/quarry/web" - our actual code is hosted with Gerrit (please see https://www.mediawiki.org/wiki/Developer_access for contributing
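
The content-type issue named in the description, shown as an added example that is not Quarry's app.py. The handlers, the `name` parameter and the error text are hypothetical, and the text/html default is an assumption modelling a framework that, like Flask, labels a plain string response as HTML unless the handler sets a type.

```python
import json
from urllib.parse import parse_qs

# Assumption: the framework default for an untyped string response.
DEFAULT_TYPE = "text/html; charset=utf-8"

def _body(environ):
    # Reflect a request parameter inside a JSON error object.
    # json.dumps does not escape '<' or '>', so markup survives verbatim.
    query = parse_qs(environ.get("QUERY_STRING", ""))
    name = query.get("name", [""])[0]
    return json.dumps({"error": "unknown query: " + name}).encode("utf-8")

def vulnerable_app(environ, start_response):
    # No explicit type: the JSON body goes out labelled as HTML, so a browser
    # parses any markup reflected inside the string value.
    start_response("404 Not Found", [("Content-Type", DEFAULT_TYPE)])
    return [_body(environ)]

def fixed_app(environ, start_response):
    # Explicit JSON type, plus nosniff so the browser does not second-guess it.
    start_response("404 Not Found", [
        ("Content-Type", "application/json"),
        ("X-Content-Type-Options", "nosniff"),
    ])
    return [_body(environ)]

def call(app, query):
    """Invoke a WSGI app offline; return (lower-cased headers, body text)."""
    captured = {}
    def start_response(status, headers):
        captured.update({k.lower(): v for k, v in headers})
    environ = {"QUERY_STRING": query, "REQUEST_METHOD": "GET"}
    body = b"".join(app(environ, start_response))
    return captured, body.decode("utf-8")

def renders_as_html(headers):
    """Regression check: True if a browser may treat the body as HTML.
    A missing type counts as risky because the browser may sniff it."""
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    return ctype in ("", "text/html", "application/xhtml+xml")

if __name__ == "__main__":
    sample = "name=%3Ci%3Econstructed%3C%2Fi%3E"  # constructed input
    for app in (vulnerable_app, fixed_app):
        headers, body = call(app, sample)
        print(app.__name__, "renders as HTML:", renders_as_html(headers), body)
```

The same `renders_as_html` check can run in a test suite against every endpoint that is meant to return JSON.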