Lucene search
K

6 matches found

NVD
NVD
added yesterday9 views

CVE-2026-58371

SeaweedFS before 4.30 reflects the callback query parameter verbatim into responses served with Content-Type application/javascript in the shared writeJson helper weed/server/common.go, with no callback-name validation, no X-Content-Type-Options: nosniff header, and no CORS allow-list. Every JSON...

3.1CVSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:10 a.m.5 views

SUSE CVE-2015-9251

jQuery before 3.0.0 is vulnerable to Cross-site Scripting XSS attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed...

6.1CVSS8AI score0.29726EPSS
Exploits2References8
RedHat Linux
RedHat Linux
added 2023/01/31 1:12 p.m.6 views

jquery: Cross-site scripting via cross-domain ajax requests

jQuery before 3.0.0 is vulnerable to Cross-site Scripting XSS attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed...

6.1CVSS6.6AI score0.29726EPSS
Exploits2References4
OSV
OSV
added 2022/02/09 12:0 a.m.1 views

UBUNTU-CVE-2022-22760

When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91...

6.5CVSS6.6AI score0.00759EPSS
Exploits0References6
OSV
OSV
added 2018/01/18 11:29 p.m.2 views

ALPINE-CVE-2015-9251

jQuery before 3.0.0 is vulnerable to Cross-site Scripting XSS attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed...

6.1CVSS6.4AI score0.29726EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2018/01/18 12:0 a.m.89 views

CVE-2015-9251

jQuery before 3.0.0 is vulnerable to Cross-site Scripting XSS attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. Recent assessments: ze3ter at July 13, 2021 1:47pm UTC reported: Assessed Attacker Value: 3 Assessed...

6.1CVSS2.1AI score0.29726EPSS
Exploits2References39
Rows per page
Query Builder