CVE-2015-9251
Severity: Unknown | EPSS: 30.22%
Last modified
CVE-2015-9251 is a vulnerability of currently unknown severity. jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. EPSS estimates a 30.22% chance of exploitation in the next 30 days.
Description
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
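The three conditions in the description (jQuery version, cross-domain target, missing dataType) can be checked against a `$.ajax` settings object during code review. This is an added example, not code from jQuery or NVD; the function names and sample origins are constructed, and it assumes plain dotted version strings.

```javascript
// Added example: flags $.ajax settings that match the CVE-2015-9251 conditions.
// All names and sample values here are illustrative, not part of jQuery.

// True when dotted version `version` is numerically lower than `fixed`.
function isBefore(version, fixed) {
  const a = version.split(".").map((p) => parseInt(p, 10) || 0);
  const b = fixed.split(".").map((p) => parseInt(p, 10) || 0);
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    const x = a[i] || 0;
    const y = b[i] || 0;
    if (x !== y) return x < y;
  }
  return false;
}

// Cross-domain means the resolved request origin differs from the page origin.
// Relative and protocol-relative URLs are resolved against the page origin.
function isCrossDomain(url, pageOrigin) {
  return new URL(url, pageOrigin).origin !== new URL(pageOrigin).origin;
}

// Returns { atRisk, reason } for one $.ajax settings object.
function auditAjaxCall(jqueryVersion, settings, pageOrigin) {
  if (!isBefore(jqueryVersion, "3.0.0")) {
    return { atRisk: false, reason: "jQuery is 3.0.0 or later" };
  }
  if (!isCrossDomain(settings.url, pageOrigin)) {
    return { atRisk: false, reason: "request is same-origin" };
  }
  if (settings.dataType !== undefined) {
    return { atRisk: false, reason: "dataType is set explicitly" };
  }
  return {
    atRisk: true,
    reason: "cross-domain request without dataType on jQuery < 3.0.0",
  };
}

// Constructed sample calls as they might appear in application code.
const page = "https://app.example";
const remote = "https://api.other.example/data";
console.log(auditAjaxCall("2.2.4", { url: remote }, page));
console.log(auditAjaxCall("2.2.4", { url: remote, dataType: "json" }, page));
console.log(auditAjaxCall("2.2.4", { url: "/api/data" }, page));
console.log(auditAjaxCall("3.0.0", { url: remote }, page));
```

A flagged call is resolved by upgrading to jQuery 3.0.0 or later, or by setting the dataType option to the response type the code expects.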
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| jQuery | jQuery | < 3.0.0 |
| Oracle | Agile Product Lifecycle Management For Process | 6.2.0.0 |
| Oracle | Agile Product Lifecycle Management For Process | 6.2.1.0 |
| Oracle | Agile Product Lifecycle Management For Process | 6.2.2.0 |
| Oracle | Agile Product Lifecycle Management For Process | 6.2.3.0 |
| Oracle | Agile Product Lifecycle Management For Process | 6.2.3.1 |
| Oracle | Banking Platform | 2.6.0 |
| Oracle | Banking Platform | 2.6.1 |
| Oracle | Banking Platform | 2.6.2 |
| Oracle | Business Process Management Suite | 11.1.1.9.0 |
| Oracle | Business Process Management Suite | 12.1.3.0.0 |
| Oracle | Business Process Management Suite | 12.2.1.3.0 |
| Oracle | Communications Converged Application Server | < 7.0.0.1 |
| Oracle | Communications Interactive Session Recorder | 6.0 |
| Oracle | Communications Interactive Session Recorder | 6.1 |
| Oracle | Communications Interactive Session Recorder | 6.2 |
| Oracle | Communications Services Gatekeeper | < 6.1.0.4.0 |
| Oracle | Communications WebRTC Session Controller | < 7.2 |
| Oracle | Endeca Information Discovery Studio | 3.1.0 |
| Oracle | Endeca Information Discovery Studio | 3.2.0 |
| Oracle | Enterprise Manager Ops Center | 12.2.2 |
| Oracle | Enterprise Manager Ops Center | 12.3.3 |
| Oracle | Enterprise Operations Monitor | 3.4 |
| Oracle | Enterprise Operations Monitor | 4.0 |
| Oracle | Financial Services Analytical Applications Infrastructure | >= 7.3.3, <= 7.3.5 |
| Oracle | Financial Services Analytical Applications Infrastructure | >= 8.0.0, <= 8.0.7 |
| Oracle | Financial Services Asset Liability Management | >= 8.0.4, <= 8.0.7 |
| Oracle | Financial Services Data Integration Hub | >= 8.0.5, <= 8.0.7 |
| Oracle | Financial Services Funds Transfer Pricing | >= 8.0.4, <= 8.0.7 |
| Oracle | Financial Services Hedge Management And IFRS Valuations | >= 8.0.4, <= 8.0.7 |
| Oracle | Financial Services Liquidity Risk Management | >= 8.0.2, <= 8.0.6 |
| Oracle | Financial Services Loan Loss Forecasting And Provisioning | >= 8.0.2, <= 8.0.7 |
| Oracle | Financial Services Market Risk Measurement And Management | 8.0.5 |
| Oracle | Financial Services Market Risk Measurement And Management | 8.0.6 |
| Oracle | Financial Services Profitability Management | >= 8.0.4, <= 8.0.6 |
| Oracle | Financial Services Reconciliation Framework | 8.0.5 |
| Oracle | Financial Services Reconciliation Framework | 8.0.6 |
| Oracle | Fusion Middleware Mapviewer | 12.2.1.3.0 |
| Oracle | Healthcare Foundation | 7.1 |
| Oracle | Healthcare Foundation | 7.2 |
| Oracle | Healthcare Translational Research | 3.1.0 |
| Oracle | Hospitality Cruise Fleet Management | 9.0.11 |
| Oracle | Hospitality Guest Access | 4.2.0 |
| Oracle | Hospitality Guest Access | 4.2.1 |
| Oracle | Hospitality Materials Control | 18.1 |
| Oracle | Hospitality Reporting And Analytics | 9.1.0 |
| Oracle | Insurance Insbridge Rating And Underwriting | 5.2 |
| Oracle | Insurance Insbridge Rating And Underwriting | 5.4 |
| Oracle | Insurance Insbridge Rating And Underwriting | 5.5 |
| Oracle | JD Edwards EnterpriseOne Tools | 9.2 |
Showing 50 of 81 affected configurations. See NVD for the full list.
References
- http://www.securityfocus.com/bid/105658 (Third Party Advisory, VDB Entry)
- https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc (Patch, Third Party Advisory)
- https://github.com/jquery/jquery/issues/2432 (Issue Tracking, Patch, Third Party Advisory)
- https://github.com/jquery/jquery/pull/2588 (Issue Tracking, Patch, Third Party Advisory)
- https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2 (Patch, Third Party Advisory)
- https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04 (Third Party Advisory, US Government Resource)
- https://snyk.io/vuln/npm:jquery:20150627 (Patch, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-9251?
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
How severe is CVE-2015-9251?
Severity scoring for CVE-2015-9251 is pending analysis. The EPSS model estimates a 30.22% probability of exploitation in the next 30 days.
How do I fix CVE-2015-9251?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2015-9251?
Run a free Strix scan to check your systems for this vulnerability.
Source: NVD / NIST
