Lucene search

[email protected]NVD:CVE-2015-9251

HistoryJan 18, 2018 - 11:29 p.m.

CVE-2015-9251

2018-01-1823:29:00

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.4 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.7%

JSON

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Affected configurations

NVD

Node

jqueryjqueryRange<3.0.0

Node

oracleagile_product_lifecycle_management_for_processMatch6.2.0.0

oracleagile_product_lifecycle_management_for_processMatch6.2.1.0

oracleagile_product_lifecycle_management_for_processMatch6.2.2.0

oracleagile_product_lifecycle_management_for_processMatch6.2.3.0

oracleagile_product_lifecycle_management_for_processMatch6.2.3.1

oraclebanking_platformMatch2.6.0

oraclebanking_platformMatch2.6.1

oraclebanking_platformMatch2.6.2

oraclebusiness_process_management_suiteMatch11.1.1.9.0

oraclebusiness_process_management_suiteMatch12.1.3.0.0

oraclebusiness_process_management_suiteMatch12.2.1.3.0

oraclecommunications_converged_application_serverRange<7.0.0.1

oraclecommunications_interactive_session_recorderMatch6.0

oraclecommunications_interactive_session_recorderMatch6.1

oraclecommunications_interactive_session_recorderMatch6.2

oraclecommunications_services_gatekeeperRange<6.1.0.4.0

oraclecommunications_webrtc_session_controllerRange<7.2

oracleendeca_information_discovery_studioMatch3.1.0

oracleendeca_information_discovery_studioMatch3.2.0

oracleenterprise_manager_ops_centerMatch12.2.2

oracleenterprise_manager_ops_centerMatch12.3.3

oracleenterprise_operations_monitorMatch3.4

oracleenterprise_operations_monitorMatch4.0

oraclefinancial_services_analytical_applications_infrastructureRange7.3.3–7.3.5

oraclefinancial_services_analytical_applications_infrastructureRange8.0.0–8.0.7

oraclefinancial_services_asset_liability_managementRange8.0.4–8.0.7

oraclefinancial_services_data_integration_hubRange8.0.5–8.0.7

oraclefinancial_services_funds_transfer_pricingRange8.0.4–8.0.7

oraclefinancial_services_hedge_management_and_ifrs_valuationsRange8.0.4–8.0.7

oraclefinancial_services_liquidity_risk_managementRange8.0.2–8.0.6

oraclefinancial_services_loan_loss_forecasting_and_provisioningRange8.0.2–8.0.7

oraclefinancial_services_market_risk_measurement_and_managementMatch8.0.5

oraclefinancial_services_market_risk_measurement_and_managementMatch8.0.6

oraclefinancial_services_profitability_managementRange8.0.4–8.0.6

oraclefinancial_services_reconciliation_frameworkMatch8.0.5

oraclefinancial_services_reconciliation_frameworkMatch8.0.6

oraclefusion_middleware_mapviewerMatch12.2.1.3.0

oraclehealthcare_foundationMatch7.1

oraclehealthcare_foundationMatch7.2

oraclehealthcare_translational_researchMatch3.1.0

oraclehospitality_cruise_fleet_managementMatch9.0.11

oraclehospitality_guest_accessMatch4.2.0

oraclehospitality_guest_accessMatch4.2.1

oraclehospitality_materials_controlMatch18.1

oraclehospitality_reporting_and_analyticsMatch9.1.0

oracleinsurance_insbridge_rating_and_underwritingMatch5.2

oracleinsurance_insbridge_rating_and_underwritingMatch5.4

oracleinsurance_insbridge_rating_and_underwritingMatch5.5

oraclejd_edwards_enterpriseone_toolsMatch9.2

oraclejdeveloperMatch11.1.1.9.0

oraclejdeveloperMatch12.1.3.0.0

oraclejdeveloperMatch12.2.1.3.0

oracleoss_support_toolsMatch19.1

oraclepeoplesoft_enterprise_peopletoolsMatch8.55

oraclepeoplesoft_enterprise_peopletoolsMatch8.56

oraclepeoplesoft_enterprise_peopletoolsMatch8.57

oracleprimavera_gatewayMatch15.2

oracleprimavera_gatewayMatch16.2

oracleprimavera_gatewayMatch17.12

oracleprimavera_unifierRange17.1–17.12

oracleprimavera_unifierMatch16.1

oracleprimavera_unifierMatch16.2

oracleprimavera_unifierMatch18.8

oraclereal-time_schedulerMatch2.3.0

oracleretail_allocationMatch15.0.2

oracleretail_customer_insightsMatch15.0

oracleretail_customer_insightsMatch16.0

oracleretail_invoice_matchingMatch15.0

oracleretail_sales_auditMatch15.0

oracleretail_workforce_management_softwareMatch1.60.9

oracleretail_workforce_management_softwareMatch1.64.0

oracleservice_busMatch12.1.3.0.0

oracleservice_busMatch12.2.1.3.0

oraclesiebel_ui_frameworkMatch18.10

oraclesiebel_ui_frameworkMatch18.11

oracleutilities_frameworkRange4.3.0.1–4.3.0.4

oracleutilities_mobile_workforce_managementMatch2.3.0

oraclewebcenter_sitesMatch11.1.1.8.0

oracleweblogic_serverMatch12.1.3.0

oracleweblogic_serverMatch12.2.1.3

References

lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html

packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html

packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html

packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html

seclists.org/fulldisclosure/2019/May/10

seclists.org/fulldisclosure/2019/May/11

seclists.org/fulldisclosure/2019/May/13

www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

www.securityfocus.com/bid/105658

access.redhat.com/errata/RHSA-2020:0481

access.redhat.com/errata/RHSA-2020:0729

github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc

github.com/jquery/jquery/issues/2432

github.com/jquery/jquery/pull/2588

github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2

ics-cert.us-cert.gov/advisories/ICSA-18-212-04

kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601

lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E

lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E

lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E

lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E

lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E

lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E

lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E

lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E

seclists.org/bugtraq/2019/May/18

security.netapp.com/advisory/ntap-20210108-0004/

snyk.io/vuln/npm:jquery:20150627

sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf

www.oracle.com/security-alerts/cpuapr2020.html

www.oracle.com/security-alerts/cpujan2020.html

www.oracle.com/security-alerts/cpujul2020.html

www.oracle.com/security-alerts/cpuoct2020.html

www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

www.tenable.com/security/tns-2019-08

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.4 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.7%

JSON

Related for NVD:CVE-2015-9251