CVE-2015-9251

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Cross-site Scripting
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 6.1 MEDIUM | NETWORK | LOW | NONE | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| mitre | CNA | --- | --- |
| CVE | ADP | --- | --- |
EPSS Score
Percentile: 91%
| Vendor | Product | Version |
|---|---|---|
| jquery | jquery | 𝑥 < 3.0.0 |
| oracle | agile_product_lifecycle_management_for_process | 6.2.0.0 |
| oracle | agile_product_lifecycle_management_for_process | 6.2.1.0 |
| oracle | agile_product_lifecycle_management_for_process | 6.2.2.0 |
| oracle | agile_product_lifecycle_management_for_process | 6.2.3.0 |
| oracle | agile_product_lifecycle_management_for_process | 6.2.3.1 |
| oracle | banking_platform | 2.6.0 |
| oracle | banking_platform | 2.6.1 |
| oracle | banking_platform | 2.6.2 |
| oracle | business_process_management_suite | 11.1.1.9.0 |
| oracle | business_process_management_suite | 12.1.3.0.0 |
| oracle | business_process_management_suite | 12.2.1.3.0 |
| oracle | communications_converged_application_server | 𝑥 < 7.0.0.1 |
| oracle | communications_interactive_session_recorder | 6.0 |
| oracle | communications_interactive_session_recorder | 6.1 |
| oracle | communications_interactive_session_recorder | 6.2 |
| oracle | communications_services_gatekeeper | 𝑥 < 6.1.0.4.0 |
| oracle | communications_webrtc_session_controller | 𝑥 < 7.2 |
| oracle | endeca_information_discovery_studio | 3.1.0 |
| oracle | endeca_information_discovery_studio | 3.2.0 |
| oracle | enterprise_manager_ops_center | 12.2.2 |
| oracle | enterprise_manager_ops_center | 12.3.3 |
| oracle | enterprise_operations_monitor | 3.4 |
| oracle | enterprise_operations_monitor | 4.0 |
| oracle | financial_services_analytical_applications_infrastructure | 7.3.3 ≤ 𝑥 ≤ 7.3.5 |
| oracle | financial_services_analytical_applications_infrastructure | 8.0.0 ≤ 𝑥 ≤ 8.0.7 |
| oracle | financial_services_asset_liability_management | 8.0.4 ≤ 𝑥 ≤ 8.0.7 |
| oracle | financial_services_data_integration_hub | 8.0.5 ≤ 𝑥 ≤ 8.0.7 |
| oracle | financial_services_funds_transfer_pricing | 8.0.4 ≤ 𝑥 ≤ 8.0.7 |
| oracle | financial_services_hedge_management_and_ifrs_valuations | 8.0.4 ≤ 𝑥 ≤ 8.0.7 |
| oracle | financial_services_liquidity_risk_management | 8.0.2 ≤ 𝑥 ≤ 8.0.6 |
| oracle | financial_services_loan_loss_forecasting_and_provisioning | 8.0.2 ≤ 𝑥 ≤ 8.0.7 |
| oracle | financial_services_market_risk_measurement_and_management | 8.0.5 |
| oracle | financial_services_market_risk_measurement_and_management | 8.0.6 |
| oracle | financial_services_profitability_management | 8.0.4 ≤ 𝑥 ≤ 8.0.6 |
| oracle | financial_services_reconciliation_framework | 8.0.5 |
| oracle | financial_services_reconciliation_framework | 8.0.6 |
| oracle | fusion_middleware_mapviewer | 12.2.1.3.0 |
| oracle | healthcare_foundation | 7.1 |
| oracle | healthcare_foundation | 7.2 |
| oracle | healthcare_translational_research | 3.1.0 |
| oracle | hospitality_cruise_fleet_management | 9.0.11 |
| oracle | hospitality_guest_access | 4.2.0 |
| oracle | hospitality_guest_access | 4.2.1 |
| oracle | hospitality_materials_control | 18.1 |
| oracle | hospitality_reporting_and_analytics | 9.1.0 |
| oracle | insurance_insbridge_rating_and_underwriting | 5.2 |
| oracle | insurance_insbridge_rating_and_underwriting | 5.4 |
| oracle | insurance_insbridge_rating_and_underwriting | 5.5 |
| oracle | jd_edwards_enterpriseone_tools | 9.2 |
| oracle | jdeveloper | 11.1.1.9.0 |
| oracle | jdeveloper | 12.1.3.0.0 |
| oracle | jdeveloper | 12.2.1.3.0 |
| oracle | oss_support_tools | 19.1 |
| oracle | peoplesoft_enterprise_peopletools | 8.55 |
| oracle | peoplesoft_enterprise_peopletools | 8.56 |
| oracle | peoplesoft_enterprise_peopletools | 8.57 |
| oracle | primavera_gateway | 15.2 |
| oracle | primavera_gateway | 16.2 |
| oracle | primavera_gateway | 17.12 |
| oracle | primavera_unifier | 17.1 ≤ 𝑥 ≤ 17.12 |
| oracle | primavera_unifier | 16.1 |
| oracle | primavera_unifier | 16.2 |
| oracle | primavera_unifier | 18.8 |
| oracle | real-time_scheduler | 2.3.0 |
| oracle | retail_allocation | 15.0.2 |
| oracle | retail_customer_insights | 15.0 |
| oracle | retail_customer_insights | 16.0 |
| oracle | retail_invoice_matching | 15.0 |
| oracle | retail_sales_audit | 15.0 |
| oracle | retail_workforce_management_software | 1.60.9 |
| oracle | retail_workforce_management_software | 1.64.0 |
| oracle | service_bus | 12.1.3.0.0 |
| oracle | service_bus | 12.2.1.3.0 |
| oracle | siebel_ui_framework | 18.10 |
| oracle | siebel_ui_framework | 18.11 |
| oracle | utilities_framework | 4.3.0.1 ≤ 𝑥 ≤ 4.3.0.4 |
| oracle | utilities_mobile_workforce_management | 2.3.0 |
| oracle | webcenter_sites | 11.1.1.8.0 |
| oracle | weblogic_server | 12.1.3.0 |
| oracle | weblogic_server | 12.2.1.3 |

𝑥 = Vulnerable software versions
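Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| jquery | focal | not-affected |
| jquery | eoan | not-affected |
| jquery | disco | not-affected |
| jquery | cosmic | not-affected |
| jquery | bionic | not-affected |
| jquery | artful | not-affected |
| jquery | xenial | ignored |
| jquery | trusty | ignored |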
References