Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2015-9251

Published: 18/01/2018 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 385
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Jquery

Vulnerability Summary

jQuery prior to 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

jquery jquery

oracle service bus 12.1.3.0.0

oracle primavera unifier 16.2

oracle jd edwards enterpriseone tools 9.2

oracle enterprise manager ops center 12.2.2

oracle webcenter sites 11.1.1.8.0

oracle weblogic server 12.1.3.0

oracle jdeveloper 11.1.1.9.0

oracle primavera gateway 16.2

oracle primavera gateway 15.2

oracle primavera unifier 16.1

oracle jdeveloper 12.1.3.0.0

oracle peoplesoft enterprise peopletools 8.55

oracle peoplesoft enterprise peopletools 8.56

oracle hospitality guest access 4.2.0

oracle hospitality guest access 4.2.1

oracle financial services market risk measurement and management 8.0.5

oracle enterprise manager ops center 12.3.3

oracle weblogic server 12.2.1.3

oracle agile product lifecycle management for process 6.2.0.0

oracle agile product lifecycle management for process 6.2.1.0

oracle business process management suite 12.1.3.0.0

oracle business process management suite 12.2.1.3.0

oracle business process management suite 11.1.1.9.0

oracle fusion middleware mapviewer 12.2.1.3.0

oracle peoplesoft enterprise peopletools 8.57

oracle retail sales audit 15.0

oracle primavera unifier

oracle hospitality reporting and analytics 9.1.0

oracle communications services gatekeeper

oracle retail customer insights 15.0

oracle retail customer insights 16.0

oracle communications converged application server

oracle primavera gateway 17.12

oracle banking platform 2.6.0

oracle banking platform 2.6.1

oracle banking platform 2.6.2

oracle primavera unifier 18.8

oracle communications webrtc session controller

oracle jdeveloper 12.2.1.3.0

oracle service bus 12.2.1.3.0

oracle utilities framework

oracle agile product lifecycle management for process 6.2.2.0

oracle agile product lifecycle management for process 6.2.3.0

oracle agile product lifecycle management for process 6.2.3.1

oracle retail workforce management software 1.60.9

oracle retail workforce management software 1.64.0

oracle insurance insbridge rating and underwriting 5.2

oracle insurance insbridge rating and underwriting 5.4

oracle insurance insbridge rating and underwriting 5.5

oracle healthcare foundation 7.1

oracle healthcare foundation 7.2

oracle hospitality cruise fleet management 9.0.11

oracle retail allocation 15.0.2

oracle retail invoice matching 15.0

oracle oss support tools 19.1

oracle real-time scheduler 2.3.0

oracle utilities mobile workforce management 2.3.0

oracle financial services reconciliation framework 8.0.5

oracle financial services reconciliation framework 8.0.6

oracle financial services profitability management

oracle financial services market risk measurement and management 8.0.6

oracle financial services loan loss forecasting and provisioning

oracle financial services liquidity risk management

oracle financial services hedge management and ifrs valuations

oracle financial services funds transfer pricing

oracle financial services data integration hub

oracle financial services asset liability management

oracle financial services analytical applications infrastructure

oracle enterprise operations monitor 3.4

oracle enterprise operations monitor 4.0

oracle communications interactive session recorder 6.0

oracle communications interactive session recorder 6.1

oracle communications interactive session recorder 6.2

oracle hospitality materials control 18.1

oracle endeca information discovery studio 3.1.0

oracle endeca information discovery studio 3.2.0

oracle healthcare translational research 3.1.0

oracle siebel ui framework 18.10

oracle siebel ui framework 18.11

Vendor Advisories

Red Hat: Important: Red Hat Data Grid 7.3.5 security update
Synopsis Important: Red Hat Data Grid 735 security update Type/Severity Security Advisory: Important Topic An update for Red Hat Data Grid is now availableRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, whic ...
Red Hat: Important: Red Hat JBoss Fuse/A-MQ 6.3 R15 security and bug fix update
Synopsis Important: Red Hat JBoss Fuse/A-MQ 63 R15 security and bug fix update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Fuse 63 and Red Hat JBoss A-MQ 63Red Hat Product Security has rated this update as having a security impact of Important A Common ...
Red Hat: Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
Synopsis Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for the idm:DL1 and idm:client modules is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of M ...
Red Hat: Moderate: ipa security, bug fix, and enhancement update
Synopsis Moderate: ipa security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for ipa is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CV ...
Red Hat: Important: Red Hat Fuse 7.6.0 security update
Synopsis Important: Red Hat Fuse 760 security update Type/Severity Security Advisory: Important Topic A minor version update (from 75 to 76) is now available for Red Hat Fuse The purpose of this text-only errata is to inform you about the security issues fixed in this releaseRed Hat Product Security h ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 749 Security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update is now available for Red Hat JBoss Enterprise Application Platform 74 for ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 749 Security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 74 Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Syste ...
Red Hat: Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
Synopsis Moderate: pki-core:106 and pki-deps:106 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for the pki-core:106 and pki-deps:106 modules is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a se ...
Amazon Linux AMI: ALAS-2020-1422
Ruby through 247, 25x through 256, and 26x through 264 allows HTTP Response Splitting If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients NOTE: this issue exists because of an incomplete fi ...
Amazon Linux 2: ALAS2-2020-1519
jQuery before 300 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed (CVE-2015-9251) In Bootstrap 3x before 340 and 4x-beta before 400-beta2, XSS is possible in the data-target attribute, a different vulnerability t ...
Amazon Linux 2: ALASRUBY2.6-2023-007
jQuery before 190 is vulnerable to Cross-site Scripting (XSS) attacks The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to ...
Red Hat: CVE-2015-9251
jQuery before 300 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed ...
Arch Linux Issues:
Severity Unknown Remote Unknown Type Unknown Description AVG-1041 ruby-rdoc 611-1 612-1 Unknown Fixed FS#63978 AVG-1040 ruby25 256-1 257-1 Medium Fixed ...
Tenable Security Advisories: [R1] Nessus Network Monitor 5.11.0 Fixes Multiple Third-party Vulnerabilities
Nessus Network Monitor leverages third-party software to help provide underlying functionality Several third-party components (OpenSSL, jQuery and momentjs) were found to contain vulnerabilities, and updated versions have been made available by the providers Out of caution and in line with good practice, Tenable opted to upgrade the bundled Ope ...

ICS Advisories

Philips Vue PACS (Update A)
Critical Infrastructure Sectors: Healthcare and Public Health
Pepperl+Fuchs WirelessHART-Gateway

Mailing Lists

Full Disclosure: dotCMS v5.1.1 Vulnerabilities
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> dotCMS v511 Vulnerabilities <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: John Martinelli &lt;john () ...

Github Repositories

ChromeScope

automated chrome extension risk assessment

ChromeScope Test the functionality yourself with a simple front end interface chrome-extension-analyzerflydev Overview This Nodejs Express router module is designed for integration into Security Information and Event Management (SIEM) systems It provides automated analysis of Chrome extensions, offering insights into security, permissions, and code quality The module acce

https://github.com/andrew-healey/canvas-lms-vuln

An account-hijacking vulnerability I found on my school's systems.

Canvas XSS vulnerability I found an XSS vulnerability in Instructure's Canvas LMS (used by &gt;30 million students &amp; teachers) It revolves around an outdated, insecure version of jQuery and a broken image handler The vulnerability lets any malicious student take temporary control of their teacher's account (and thus change grades, steal answers, delete a

https://github.com/flyher/sheep

A front-end rendering solution , support IE6, IE7, IE8 and modern browser

Sheep A front-end rendering solution , support IE6 , IE8 and modern browser Version 02 rewrite all code run in IE5,IE6,IE7,IE8 and modern browser success( fix issue #1) support dom bind event Install start server cd server npm install node app start client cd resources\views npm install npm start

https://github.com/HansUXdev/OneArizona

A fairly simple nationbuilder site based on colllective theme and some unique styles.

OneArizona A fairly simple nationbuilder site based on colllective theme and some unique styles This is an old repo and no longer maintained jquery version here has vulnerabities, though they are not exposed its important to point out in case of code modifaction var var = ['CVE-2015-9251', 'CVE-2016-10707'] nvdnistgov/vuln/detail/${var[*]}

https://github.com/sho-h/pkgvulscheck

repository for vulnerability check bootstrap: CVE-2018-14041 jQuery: CVE-2015-9251 prototypejs: CVE-2008-7220 and CVE-2007-2383 maybe GitHub can't detect prototypejs's vulnerabilities

https://github.com/halkichi0308/CVE-2015-9251

CVE-2015-9251

References

CWE-79https://snyk.io/vuln/npm:jquery:20150627https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2https://github.com/jquery/jquery/pull/2588https://github.com/jquery/jquery/issues/2432https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cchttps://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdfhttps://ics-cert.us-cert.gov/advisories/ICSA-18-212-04http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlhttp://www.securityfocus.com/bid/105658https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://seclists.org/bugtraq/2019/May/18http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.htmlhttp://seclists.org/fulldisclosure/2019/May/13http://seclists.org/fulldisclosure/2019/May/11http://seclists.org/fulldisclosure/2019/May/10http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.htmlhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlhttps://www.tenable.com/security/tns-2019-08https://www.oracle.com/security-alerts/cpujan2020.htmlhttps://access.redhat.com/errata/RHSA-2020:0481https://access.redhat.com/errata/RHSA-2020:0729http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.htmlhttps://www.oracle.com/security-alerts/cpuapr2020.htmlhttps://www.oracle.com/security-alerts/cpujul2020.htmlhttps://www.oracle.com/security-alerts/cpuoct2020.htmlhttps://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601https://security.netapp.com/advisory/ntap-20210108-0004/https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3Ehttps://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3Ehttps://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3Ehttps://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3Ehttps://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3Ehttps://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3Ehttps://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3Ehttps://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3Ehttps://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2020:0729https://github.com/eotssa/ChromeScopehttps://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01https://alas.aws.amazon.com/ALAS-2020-1422.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400CVE-2023-7252CVE-2024-21111denial of serviceCVE-2024-29661CVE-2024-22856remote attackersencryptionCVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook