Jan 18, 2018 - 11:29 p.m.

CVE-2015-9251

2018-01-18 23:29:00
CWE-79
web.nvd.nist.gov
cve-2015-9251
jquery
xss
vulnerability
ajax request
nvd

CVSS2: 4.3

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3: 6.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score: 6.3
Confidence: High

EPSS: 0.007
Percentile: 79.7%

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Affected configurations

NVD

Node

| Vendor | Product | Operator | Version |
|---|---|---|---|
| jquery | jquery | Range | <3.0.0 |

Node (entries combined with OR)

| Vendor | Product | Operator | Version |
|---|---|---|---|
| oracle | agile_product_lifecycle_management_for_process | Match | 6.2.0.0 |
| oracle | agile_product_lifecycle_management_for_process | Match | 6.2.1.0 |
| oracle | agile_product_lifecycle_management_for_process | Match | 6.2.2.0 |
| oracle | agile_product_lifecycle_management_for_process | Match | 6.2.3.0 |
| oracle | agile_product_lifecycle_management_for_process | Match | 6.2.3.1 |
| oracle | banking_platform | Match | 2.6.0 |
| oracle | banking_platform | Match | 2.6.1 |
| oracle | banking_platform | Match | 2.6.2 |
| oracle | business_process_management_suite | Match | 11.1.1.9.0 |
| oracle | business_process_management_suite | Match | 12.1.3.0.0 |
| oracle | business_process_management_suite | Match | 12.2.1.3.0 |
| oracle | communications_converged_application_server | Range | <7.0.0.1 |
| oracle | communications_interactive_session_recorder | Match | 6.0 |
| oracle | communications_interactive_session_recorder | Match | 6.1 |
| oracle | communications_interactive_session_recorder | Match | 6.2 |
| oracle | communications_services_gatekeeper | Range | <6.1.0.4.0 |
| oracle | communications_webrtc_session_controller | Range | <7.2 |
| oracle | endeca_information_discovery_studio | Match | 3.1.0 |
| oracle | endeca_information_discovery_studio | Match | 3.2.0 |
| oracle | enterprise_manager_ops_center | Match | 12.2.2 |
| oracle | enterprise_manager_ops_center | Match | 12.3.3 |
| oracle | enterprise_operations_monitor | Match | 3.4 |
| oracle | enterprise_operations_monitor | Match | 4.0 |
| oracle | financial_services_analytical_applications_infrastructure | Range | 7.3.3 to 7.3.5 |
| oracle | financial_services_analytical_applications_infrastructure | Range | 8.0.0 to 8.0.7 |
| oracle | financial_services_asset_liability_management | Range | 8.0.4 to 8.0.7 |
| oracle | financial_services_data_integration_hub | Range | 8.0.5 to 8.0.7 |
| oracle | financial_services_funds_transfer_pricing | Range | 8.0.4 to 8.0.7 |
| oracle | financial_services_hedge_management_and_ifrs_valuations | Range | 8.0.4 to 8.0.7 |
| oracle | financial_services_liquidity_risk_management | Range | 8.0.2 to 8.0.6 |
| oracle | financial_services_loan_loss_forecasting_and_provisioning | Range | 8.0.2 to 8.0.7 |
| oracle | financial_services_market_risk_measurement_and_management | Match | 8.0.5 |
| oracle | financial_services_market_risk_measurement_and_management | Match | 8.0.6 |
| oracle | financial_services_profitability_management | Range | 8.0.4 to 8.0.6 |
| oracle | financial_services_reconciliation_framework | Match | 8.0.5 |
| oracle | financial_services_reconciliation_framework | Match | 8.0.6 |
| oracle | fusion_middleware_mapviewer | Match | 12.2.1.3.0 |
| oracle | healthcare_foundation | Match | 7.1 |
| oracle | healthcare_foundation | Match | 7.2 |
| oracle | healthcare_translational_research | Match | 3.1.0 |
| oracle | hospitality_cruise_fleet_management | Match | 9.0.11 |
| oracle | hospitality_guest_access | Match | 4.2.0 |
| oracle | hospitality_guest_access | Match | 4.2.1 |
| oracle | hospitality_materials_control | Match | 18.1 |
| oracle | hospitality_reporting_and_analytics | Match | 9.1.0 |
| oracle | insurance_insbridge_rating_and_underwriting | Match | 5.2 |
| oracle | insurance_insbridge_rating_and_underwriting | Match | 5.4 |
| oracle | insurance_insbridge_rating_and_underwriting | Match | 5.5 |
| oracle | jd_edwards_enterpriseone_tools | Match | 9.2 |
| oracle | jdeveloper | Match | 11.1.1.9.0 |
| oracle | jdeveloper | Match | 12.1.3.0.0 |
| oracle | jdeveloper | Match | 12.2.1.3.0 |
| oracle | oss_support_tools | Match | 19.1 |
| oracle | peoplesoft_enterprise_peopletools | Match | 8.55 |
| oracle | peoplesoft_enterprise_peopletools | Match | 8.56 |
| oracle | peoplesoft_enterprise_peopletools | Match | 8.57 |
| oracle | primavera_gateway | Match | 15.2 |
| oracle | primavera_gateway | Match | 16.2 |
| oracle | primavera_gateway | Match | 17.12 |
| oracle | primavera_unifier | Range | 17.1 to 17.12 |
| oracle | primavera_unifier | Match | 16.1 |
| oracle | primavera_unifier | Match | 16.2 |
| oracle | primavera_unifier | Match | 18.8 |
| oracle | real-time_scheduler | Match | 2.3.0 |
| oracle | retail_allocation | Match | 15.0.2 |
| oracle | retail_customer_insights | Match | 15.0 |
| oracle | retail_customer_insights | Match | 16.0 |
| oracle | retail_invoice_matching | Match | 15.0 |
| oracle | retail_sales_audit | Match | 15.0 |
| oracle | retail_workforce_management_software | Match | 1.60.9 |
| oracle | retail_workforce_management_software | Match | 1.64.0 |
| oracle | service_bus | Match | 12.1.3.0.0 |
| oracle | service_bus | Match | 12.2.1.3.0 |
| oracle | siebel_ui_framework | Match | 18.10 |
| oracle | siebel_ui_framework | Match | 18.11 |
| oracle | utilities_framework | Range | 4.3.0.1 to 4.3.0.4 |
| oracle | utilities_mobile_workforce_management | Match | 2.3.0 |
| oracle | webcenter_sites | Match | 11.1.1.8.0 |
| oracle | weblogic_server | Match | 12.1.3.0 |
| oracle | weblogic_server | Match | 12.2.1.3 |

| CPE | Name | Operator | Version |
|---|---|---|---|
| jquery:jquery | jquery | lt | 3.0.0 |
