CVE-2015-9251

Опубликовано: 18 янв. 2018

Источник: debian

Описание

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
jquery	fixed	3.1.1-1		package
jquery	ignored		jessie	package
jquery	ignored		wheezy	package

Примечания

https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc
https://github.com/jquery/jquery/issues/2432
https://github.com/jquery/jquery/pull/2588
https://snyk.io/vuln/npm:jquery:20150627
only 3.0 was fixed upstream, because fix considered too invasive: https://github.com/jquery/jquery/issues/2432#issuecomment-290983196

Связанные уязвимости

CVE-2015-9251

CVSS3: 6.1

ubuntu

больше 7 лет назад

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

CVE-2015-9251

CVSS3: 6.1

redhat

почти 10 лет назад

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

CVE-2015-9251

CVSS3: 6.1

nvd

больше 7 лет назад

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

CVE-2015-9251

CVSS3: 6.1

msrc

5 месяцев назад

Описание отсутствует

GHSA-rmxg-73gg-4p98

CVSS3: 6.1

github

больше 7 лет назад

Cross-Site Scripting (XSS) in jquery