CVE-2015-9251
published 2018-01-18CVE-2015-9251: jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing…
medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Affected
107 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| drupal | core | >= 8.0.0 < 8.4.5 | 8.4.5 |
| drupal | drupal_core | — | — |
| jquery | jquery | < 3.0.0 | 3.0.0 |
| jquery | jquery | >= 0 < 1.12.2 | 1.12.2 |
| jquery | jquery | >= 0 < 1.12.2 | 1.12.2 |
| jquery | jquery | >= 1.12.3 < 3.0.0 | 3.0.0 |
| jquery | jquery | >= 1.12.3 < 3.0.0 | 3.0.0 |
| msrc | azl3_boost_1.83.0-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_cal10n_0.8.1.10-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_ceph_18.2.2-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_ceph_18.2.2-8_on_azure_linux_3.0 | — | — |
| msrc | azl3_fontawesome4-fonts_4.7.0-12_on_azure_linux_3.0 | — | — |
| msrc | azl3_javapackages-bootstrap_1.14.0-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_mozjs_102.15.1-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_openscap_1.3.9-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_orangefs_2.9.8-3_on_azure_linux_3.0 | — | — |
| msrc | azl3_python-blinker_1.7.0-4_on_azure_linux_3.0 | — | — |
| msrc | azl3_python-tensorboard_2.16.2-6_on_azure_linux_3.0 | — | — |
| msrc | azl3_rust_1.75.0-14_on_azure_linux_3.0 | — | — |
| msrc | azl3_rust_1.86.0-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_scons_4.6.0-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_slf4j_1.7.30-6_on_azure_linux_3.0 | — | — |
| msrc | azl3_slf4j_2.0.7-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
CVSS provenance
nvdv3.06.1MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
osv6.1MEDIUM
vulncheck6.1MEDIUM