jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
No history.
Information
Published : 2018-01-18 23:29
Updated : 2024-02-04 19:46
NVD link : CVE-2015-9251
Mitre link : CVE-2015-9251
CVE.ORG link : CVE-2015-9251
JSON object : View
Products Affected
oracle
- retail_workforce_management_software
- utilities_framework
- fusion_middleware_mapviewer
- primavera_gateway
- healthcare_translational_research
- communications_interactive_session_recorder
- communications_converged_application_server
- hospitality_cruise_fleet_management
- financial_services_asset_liability_management
- peoplesoft_enterprise_peopletools
- financial_services_analytical_applications_infrastructure
- retail_invoice_matching
- utilities_mobile_workforce_management
- enterprise_operations_monitor
- financial_services_funds_transfer_pricing
- webcenter_sites
- healthcare_foundation
- real-time_scheduler
- banking_platform
- financial_services_loan_loss_forecasting_and_provisioning
- financial_services_profitability_management
- jdeveloper
- communications_webrtc_session_controller
- financial_services_liquidity_risk_management
- business_process_management_suite
- hospitality_guest_access
- hospitality_materials_control
- retail_allocation
- jd_edwards_enterpriseone_tools
- communications_services_gatekeeper
- endeca_information_discovery_studio
- hospitality_reporting_and_analytics
- agile_product_lifecycle_management_for_process
- retail_sales_audit
- service_bus
- enterprise_manager_ops_center
- financial_services_reconciliation_framework
- financial_services_market_risk_measurement_and_management
- insurance_insbridge_rating_and_underwriting
- weblogic_server
- siebel_ui_framework
- financial_services_data_integration_hub
- financial_services_hedge_management_and_ifrs_valuations
- oss_support_tools
- retail_customer_insights
- primavera_unifier
jquery
- jquery
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')