jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
07 Nov 2023, 02:28
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2018-01-18 23:29
Updated : 2024-02-28 16:25
NVD link : CVE-2015-9251
Mitre link : CVE-2015-9251
CVE.ORG link : CVE-2015-9251
JSON object : View
Products Affected
oracle
- financial_services_market_risk_measurement_and_management
- retail_sales_audit
- healthcare_translational_research
- primavera_gateway
- financial_services_hedge_management_and_ifrs_valuations
- primavera_unifier
- retail_allocation
- hospitality_materials_control
- retail_invoice_matching
- financial_services_reconciliation_framework
- fusion_middleware_mapviewer
- utilities_mobile_workforce_management
- service_bus
- weblogic_server
- communications_interactive_session_recorder
- hospitality_guest_access
- agile_product_lifecycle_management_for_process
- financial_services_data_integration_hub
- healthcare_foundation
- enterprise_operations_monitor
- business_process_management_suite
- peoplesoft_enterprise_peopletools
- siebel_ui_framework
- real-time_scheduler
- communications_converged_application_server
- enterprise_manager_ops_center
- insurance_insbridge_rating_and_underwriting
- financial_services_loan_loss_forecasting_and_provisioning
- jdeveloper
- utilities_framework
- financial_services_asset_liability_management
- jd_edwards_enterpriseone_tools
- communications_services_gatekeeper
- banking_platform
- financial_services_profitability_management
- financial_services_analytical_applications_infrastructure
- financial_services_funds_transfer_pricing
- endeca_information_discovery_studio
- financial_services_liquidity_risk_management
- hospitality_reporting_and_analytics
- hospitality_cruise_fleet_management
- oss_support_tools
- retail_customer_insights
- communications_webrtc_session_controller
- webcenter_sites
- retail_workforce_management_software
jquery
- jquery
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')