CVE - CVE-2015-9251

CVE-ID
CVE-2015-9251	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:105658 URL:http://www.securityfocus.com/bid/105658 BUGTRAQ:20190509 dotCMS v5.1.1 Vulnerabilities URL:https://seclists.org/bugtraq/2019/May/18 CONFIRM:https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 CONFIRM:https://security.netapp.com/advisory/ntap-20210108-0004/ CONFIRM:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html URL:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html CONFIRM:https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html URL:https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html CONFIRM:https://www.tenable.com/security/tns-2019-08 URL:https://www.tenable.com/security/tns-2019-08 FULLDISC:20190510 Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability URL:http://seclists.org/fulldisclosure/2019/May/13 FULLDISC:20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability URL:http://seclists.org/fulldisclosure/2019/May/11 FULLDISC:20190510 dotCMS v5.1.1 Vulnerabilities URL:http://seclists.org/fulldisclosure/2019/May/10 MISC:http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html URL:http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html MISC:http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html URL:http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html MISC:http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html URL:http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html MISC:https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc URL:https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc MISC:https://github.com/jquery/jquery/issues/2432 URL:https://github.com/jquery/jquery/issues/2432 MISC:https://github.com/jquery/jquery/pull/2588 URL:https://github.com/jquery/jquery/pull/2588 MISC:https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2 URL:https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2 MISC:https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04 URL:https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04 MISC:https://snyk.io/vuln/npm:jquery:20150627 URL:https://snyk.io/vuln/npm:jquery:20150627 MISC:https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf URL:https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf MISC:https://www.oracle.com/security-alerts/cpuapr2020.html URL:https://www.oracle.com/security-alerts/cpuapr2020.html MISC:https://www.oracle.com/security-alerts/cpujan2020.html URL:https://www.oracle.com/security-alerts/cpujan2020.html MISC:https://www.oracle.com/security-alerts/cpujul2020.html URL:https://www.oracle.com/security-alerts/cpujul2020.html MISC:https://www.oracle.com/security-alerts/cpuoct2020.html URL:https://www.oracle.com/security-alerts/cpuoct2020.html MISC:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html URL:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html URL:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html MISC:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html URL:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html MLIST:[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities URL:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E MLIST:[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities URL:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E MLIST:[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities URL:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E MLIST:[flink-dev] 20190811 Apache flink 1.7.2 security issues URL:https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E MLIST:[flink-user] 20190811 Apache flink 1.7.2 security issues URL:https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E MLIST:[flink-user] 20190813 Apache flink 1.7.2 security issues URL:https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E MLIST:[flink-user] 20190813 Re: Apache flink 1.7.2 security issues URL:https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E MLIST:[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js URL:https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E REDHAT:RHSA-2020:0481 URL:https://access.redhat.com/errata/RHSA-2020:0481 REDHAT:RHSA-2020:0729 URL:https://access.redhat.com/errata/RHSA-2020:0729 SUSE:openSUSE-SU-2020:0395 URL:http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html
Assigning CNA
MITRE Corporation
Date Record Created
20180118	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20180118)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)