6.1
CVE-2015-9251
- EPSS 9.84%
- Published 18.01.2018 23:29:00
- Last modified 21.11.2024 02:40:09
- Source cve@mitre.org
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Data is provided by the National Vulnerability Database (NVD)
Oracle ≫ Agile Product Lifecycle Management For Process Version 6.2.0.0
Oracle ≫ Agile Product Lifecycle Management For Process Version 6.2.1.0
Oracle ≫ Agile Product Lifecycle Management For Process Version 6.2.2.0
Oracle ≫ Agile Product Lifecycle Management For Process Version 6.2.3.0
Oracle ≫ Agile Product Lifecycle Management For Process Version 6.2.3.1
Oracle ≫ Banking Platform Version 2.6.0
Oracle ≫ Banking Platform Version 2.6.1
Oracle ≫ Banking Platform Version 2.6.2
Oracle ≫ Business Process Management Suite Version 11.1.1.9.0
Oracle ≫ Business Process Management Suite Version 12.1.3.0.0
Oracle ≫ Business Process Management Suite Version 12.2.1.3.0
Oracle ≫ Communications Converged Application Server Version < 7.0.0.1
Oracle ≫ Communications Interactive Session Recorder Version 6.0
Oracle ≫ Communications Interactive Session Recorder Version 6.1
Oracle ≫ Communications Interactive Session Recorder Version 6.2
Oracle ≫ Communications Services Gatekeeper Version < 6.1.0.4.0
Oracle ≫ Communications Webrtc Session Controller Version < 7.2
Oracle ≫ Endeca Information Discovery Studio Version 3.1.0
Oracle ≫ Endeca Information Discovery Studio Version 3.2.0
Oracle ≫ Enterprise Manager Ops Center Version 12.2.2
Oracle ≫ Enterprise Manager Ops Center Version 12.3.3
Oracle ≫ Enterprise Operations Monitor Version 3.4
Oracle ≫ Enterprise Operations Monitor Version 4.0
Oracle ≫ Financial Services Analytical Applications Infrastructure Version >= 7.3.3 <= 7.3.5
Oracle ≫ Financial Services Analytical Applications Infrastructure Version >= 8.0.0 <= 8.0.7
Oracle ≫ Financial Services Asset Liability Management Version >= 8.0.4 <= 8.0.7
Oracle ≫ Financial Services Data Integration Hub Version >= 8.0.5 <= 8.0.7
Oracle ≫ Financial Services Funds Transfer Pricing Version >= 8.0.4 <= 8.0.7
Oracle ≫ Financial Services Hedge Management And Ifrs Valuations Version >= 8.0.4 <= 8.0.7
Oracle ≫ Financial Services Liquidity Risk Management Version >= 8.0.2 <= 8.0.6
Oracle ≫ Financial Services Loan Loss Forecasting And Provisioning Version >= 8.0.2 <= 8.0.7
Oracle ≫ Financial Services Market Risk Measurement And Management Version 8.0.5
Oracle ≫ Financial Services Market Risk Measurement And Management Version 8.0.6
Oracle ≫ Financial Services Profitability Management Version >= 8.0.4 <= 8.0.6
Oracle ≫ Financial Services Reconciliation Framework Version 8.0.5
Oracle ≫ Financial Services Reconciliation Framework Version 8.0.6
Oracle ≫ Fusion Middleware Mapviewer Version 12.2.1.3.0
Oracle ≫ Healthcare Foundation Version 7.1
Oracle ≫ Healthcare Foundation Version 7.2
Oracle ≫ Healthcare Translational Research Version 3.1.0
Oracle ≫ Hospitality Cruise Fleet Management Version 9.0.11
Oracle ≫ Hospitality Guest Access Version 4.2.0
Oracle ≫ Hospitality Guest Access Version 4.2.1
Oracle ≫ Hospitality Materials Control Version 18.1
Oracle ≫ Hospitality Reporting And Analytics Version 9.1.0
Oracle ≫ Insurance Insbridge Rating And Underwriting Version 5.2
Oracle ≫ Insurance Insbridge Rating And Underwriting Version 5.4
Oracle ≫ Insurance Insbridge Rating And Underwriting Version 5.5
Oracle ≫ Jd Edwards Enterpriseone Tools Version 9.2
Oracle ≫ Jdeveloper Version 11.1.1.9.0
Oracle ≫ Jdeveloper Version 12.1.3.0.0
Oracle ≫ Jdeveloper Version 12.2.1.3.0
Oracle ≫ Oss Support Tools Version 19.1
Oracle ≫ Peoplesoft Enterprise Peopletools Version 8.55
Oracle ≫ Peoplesoft Enterprise Peopletools Version 8.56
Oracle ≫ Peoplesoft Enterprise Peopletools Version 8.57
Oracle ≫ Primavera Gateway Version 15.2
Oracle ≫ Primavera Gateway Version 16.2
Oracle ≫ Primavera Gateway Version 17.12
Oracle ≫ Primavera Unifier Version >= 17.1 <= 17.12
Oracle ≫ Primavera Unifier Version 16.1
Oracle ≫ Primavera Unifier Version 16.2
Oracle ≫ Primavera Unifier Version 18.8
Oracle ≫ Real-time Scheduler Version 2.3.0
Oracle ≫ Retail Allocation Version 15.0.2
Oracle ≫ Retail Customer Insights Version 15.0
Oracle ≫ Retail Customer Insights Version 16.0
Oracle ≫ Retail Invoice Matching Version 15.0
Oracle ≫ Retail Sales Audit Version 15.0
Oracle ≫ Retail Workforce Management Software Version 1.60.9
Oracle ≫ Retail Workforce Management Software Version 1.64.0
Oracle ≫ Service Bus Version 12.1.3.0.0
Oracle ≫ Service Bus Version 12.2.1.3.0
Oracle ≫ Siebel Ui Framework Version 18.10
Oracle ≫ Siebel Ui Framework Version 18.11
Oracle ≫ Utilities Framework Version >= 4.3.0.1 <= 4.3.0.4
Oracle ≫ Utilities Mobile Workforce Management Version 2.3.0
Oracle ≫ Webcenter Sites Version 11.1.1.8.0
Oracle ≫ Weblogic Server Version 12.1.3.0
Oracle ≫ Weblogic Server Version 12.2.1.3
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 9.84% | 0.927 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 6.1 | 2.8 | 2.7 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
nvd@nist.gov | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:N/I:P/A:N |
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.