CVE-2015-9251 - Vulncode-DB

CVE-2015-9251 (NVD)

2018-01-18

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Products	Jquery, Agile_product_lifecycle_management_for_process, Banking_platform, Business_process_management_suite, Communications_converged_application_server, Communications_interactive_session_recorder, Communications_services_gatekeeper, Communications_webrtc_session_controller, Endeca_information_discovery_studio, Enterprise_manager_ops_center, Enterprise_operations_monitor, Financial_services_analytical_applications_infrastructure, Financial_services_asset_liability_management, Financial_services_data_integration_hub, Financial_services_funds_transfer_pricing, Financial_services_hedge_management_and_ifrs_valuations, Financial_services_liquidity_risk_management, Financial_services_loan_loss_forecasting_and_provisioning, Financial_services_market_risk_measurement_and_management, Financial_services_profitability_management, Financial_services_reconciliation_framework, Fusion_middleware_mapviewer, Healthcare_foundation, Healthcare_translational_research, Hospitality_cruise_fleet_management, Hospitality_guest_access, Hospitality_materials_control, Hospitality_reporting_and_analytics, Insurance_insbridge_rating_and_underwriting, Jd_edwards_enterpriseone_tools, Jdeveloper, Oss_support_tools, Peoplesoft_enterprise_peopletools, Primavera_gateway, Primavera_unifier, Real\-Time_scheduler, Retail_allocation, Retail_customer_insights, Retail_invoice_matching, Retail_sales_audit, Retail_workforce_management_software, Service_bus, Siebel_ui_framework, Utilities_framework, Utilities_mobile_workforce_management, Webcenter_sites, Weblogic_server
Type	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
First patch	https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc
Patches	• https://github.com/jquery/jquery/pull/2588 • https://github.com/jquery/jquery/issues/2432 • https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2
Relevant file/s	• ./src/ajax/script.js (modified, +7) • ./test/unit/ajax.js (modified, +48)
Links	• https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E • http://seclists.org/fulldisclosure/2019/May/10 • https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E • http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html • https://www.oracle.com/security-alerts/cpujul2020.html More/Less (29) • https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E • https://www.oracle.com/security-alerts/cpuapr2020.html • https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E • https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E • https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E • https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html • https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html • https://access.redhat.com/errata/RHSA-2020:0481 • https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html • https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E • https://seclists.org/bugtraq/2019/May/18 • http://seclists.org/fulldisclosure/2019/May/13 • https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html • http://www.securityfocus.com/bid/105658 • https://www.oracle.com/security-alerts/cpujan2020.html • https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html • http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html • https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf • https://snyk.io/vuln/npm:jquery:20150627 • https://access.redhat.com/errata/RHSA-2020:0729 • https://security.netapp.com/advisory/ntap-20210108-0004/ • https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E • http://seclists.org/fulldisclosure/2019/May/11 • http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html • https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04 • https://www.tenable.com/security/tns-2019-08 • https://www.oracle.com/security-alerts/cpuoct2020.html

jquery - Tree: f60729f390

(? files)

Filter Settings

All Files

Relevant Files

Vulnerable Files

Patched Files

Files

VS-Dark VS-Bright Monokai Darcula

Navigation

Patch data:

(on by default)

Patched area: