6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.007 Low
EPSS
Percentile
79.4%
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks
when a cross-domain Ajax request is performed without the dataType option,
causing text/javascript responses to be executed.
Author | Note |
---|---|
mdeslaur | fix is intrusive and backwards-incompatible, see bug 3011 Due to this, we will not be fixing this issue in Ubuntu stable releases. Marking as ignored. |
github.com/jquery/jquery/pull/2588
github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2
launchpad.net/bugs/cve/CVE-2015-9251
nvd.nist.gov/vuln/detail/CVE-2015-9251
security-tracker.debian.org/tracker/CVE-2015-9251
snyk.io/vuln/npm:jquery:20150627
www.cve.org/CVERecord?id=CVE-2015-9251
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.007 Low
EPSS
Percentile
79.4%