6.1
CVE-2015-9251
- EPSS 29.73%
- Veröffentlicht 18.01.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 02:40:09
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Oracle ≫ Agile Product Lifecycle Management For Process Version6.2.0.0
Oracle ≫ Agile Product Lifecycle Management For Process Version6.2.1.0
Oracle ≫ Agile Product Lifecycle Management For Process Version6.2.2.0
Oracle ≫ Agile Product Lifecycle Management For Process Version6.2.3.0
Oracle ≫ Agile Product Lifecycle Management For Process Version6.2.3.1
Oracle ≫ Banking Platform Version2.6.0
Oracle ≫ Banking Platform Version2.6.1
Oracle ≫ Banking Platform Version2.6.2
Oracle ≫ Business Process Management Suite Version11.1.1.9.0
Oracle ≫ Business Process Management Suite Version12.1.3.0.0
Oracle ≫ Business Process Management Suite Version12.2.1.3.0
Oracle ≫ Communications Converged Application Server Version < 7.0.0.1
Oracle ≫ Communications Interactive Session Recorder Version6.0
Oracle ≫ Communications Interactive Session Recorder Version6.1
Oracle ≫ Communications Interactive Session Recorder Version6.2
Oracle ≫ Communications Services Gatekeeper Version < 6.1.0.4.0
Oracle ≫ Communications Webrtc Session Controller Version < 7.2
Oracle ≫ Endeca Information Discovery Studio Version3.1.0
Oracle ≫ Endeca Information Discovery Studio Version3.2.0
Oracle ≫ Enterprise Manager Ops Center Version12.2.2
Oracle ≫ Enterprise Manager Ops Center Version12.3.3
Oracle ≫ Enterprise Operations Monitor Version3.4
Oracle ≫ Enterprise Operations Monitor Version4.0
Oracle ≫ Financial Services Analytical Applications Infrastructure Version >= 7.3.3 <= 7.3.5
Oracle ≫ Financial Services Analytical Applications Infrastructure Version >= 8.0.0 <= 8.0.7
Oracle ≫ Financial Services Asset Liability Management Version >= 8.0.4 <= 8.0.7
Oracle ≫ Financial Services Data Integration Hub Version >= 8.0.5 <= 8.0.7
Oracle ≫ Financial Services Funds Transfer Pricing Version >= 8.0.4 <= 8.0.7
Oracle ≫ Financial Services Hedge Management And Ifrs Valuations Version >= 8.0.4 <= 8.0.7
Oracle ≫ Financial Services Liquidity Risk Management Version >= 8.0.2 <= 8.0.6
Oracle ≫ Financial Services Loan Loss Forecasting And Provisioning Version >= 8.0.2 <= 8.0.7
Oracle ≫ Financial Services Market Risk Measurement And Management Version8.0.5
Oracle ≫ Financial Services Market Risk Measurement And Management Version8.0.6
Oracle ≫ Financial Services Profitability Management Version >= 8.0.4 <= 8.0.6
Oracle ≫ Financial Services Reconciliation Framework Version8.0.5
Oracle ≫ Financial Services Reconciliation Framework Version8.0.6
Oracle ≫ Fusion Middleware Mapviewer Version12.2.1.3.0
Oracle ≫ Healthcare Foundation Version7.1
Oracle ≫ Healthcare Foundation Version7.2
Oracle ≫ Healthcare Translational Research Version3.1.0
Oracle ≫ Hospitality Cruise Fleet Management Version9.0.11
Oracle ≫ Hospitality Guest Access Version4.2.0
Oracle ≫ Hospitality Guest Access Version4.2.1
Oracle ≫ Hospitality Materials Control Version18.1
Oracle ≫ Hospitality Reporting And Analytics Version9.1.0
Oracle ≫ Insurance Insbridge Rating And Underwriting Version5.2
Oracle ≫ Insurance Insbridge Rating And Underwriting Version5.4
Oracle ≫ Insurance Insbridge Rating And Underwriting Version5.5
Oracle ≫ Jd Edwards Enterpriseone Tools Version9.2
Oracle ≫ Jdeveloper Version11.1.1.9.0
Oracle ≫ Jdeveloper Version12.1.3.0.0
Oracle ≫ Jdeveloper Version12.2.1.3.0
Oracle ≫ Oss Support Tools Version19.1
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.55
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.56
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.57
Oracle ≫ Primavera Gateway Version15.2
Oracle ≫ Primavera Gateway Version16.2
Oracle ≫ Primavera Gateway Version17.12
Oracle ≫ Primavera Unifier Version >= 17.1 <= 17.12
Oracle ≫ Primavera Unifier Version16.1
Oracle ≫ Primavera Unifier Version16.2
Oracle ≫ Primavera Unifier Version18.8
Oracle ≫ Real-time Scheduler Version2.3.0
Oracle ≫ Retail Allocation Version15.0.2
Oracle ≫ Retail Customer Insights Version15.0
Oracle ≫ Retail Customer Insights Version16.0
Oracle ≫ Retail Invoice Matching Version15.0
Oracle ≫ Retail Sales Audit Version15.0
Oracle ≫ Retail Workforce Management Software Version1.60.9
Oracle ≫ Retail Workforce Management Software Version1.64.0
Oracle ≫ Service Bus Version12.1.3.0.0
Oracle ≫ Service Bus Version12.2.1.3.0
Oracle ≫ Siebel Ui Framework Version18.10
Oracle ≫ Siebel Ui Framework Version18.11
Oracle ≫ Utilities Framework Version >= 4.3.0.1 <= 4.3.0.4
Oracle ≫ Utilities Mobile Workforce Management Version2.3.0
Oracle ≫ Webcenter Sites Version11.1.1.8.0
Oracle ≫ Weblogic Server Version12.1.3.0
Oracle ≫ Weblogic Server Version12.2.1.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 29.73% | 0.98 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
http://seclists.org/fulldisclosure/2019/May/10
http://seclists.org/fulldisclosure/2019/May/11
http://seclists.org/fulldisclosure/2019/May/13
https://seclists.org/bugtraq/2019/May/18
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://github.com/jquery/jquery/issues/2432
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.tenable.com/security/tns-2019-08
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E
https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E
https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E
https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html
http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html
http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
http://www.securityfocus.com/bid/105658
https://access.redhat.com/errata/RHSA-2020:0481
https://access.redhat.com/errata/RHSA-2020:0729
https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc
https://github.com/jquery/jquery/pull/2588
https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2
https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
https://security.netapp.com/advisory/ntap-20210108-0004/
https://snyk.io/vuln/npm:jquery:20150627
https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf