Описание
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat 3scale API Management Platform 2 | jquery | Fix deferred | ||
| Red Hat Enterprise Linux 7 | pcs | Not affected | ||
| Red Hat Enterprise Linux 7 | pki-core | Will not fix | ||
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) | python-XStatic-jQuery | Will not fix | ||
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer | ruby193-rubygem-jquery-ui-rails | Will not fix | ||
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | python-XStatic-jQuery | Will not fix | ||
| Red Hat OpenShift Enterprise 2 | ruby193-rubygem-jquery-rails | Will not fix | ||
| Red Hat OpenStack Platform 10 (Newton) | python-XStatic-jQuery | Will not fix | ||
| Red Hat OpenStack Platform 11 (Ocata) | python-XStatic-jQuery | Will not fix | ||
| Red Hat OpenStack Platform 8 (Liberty) | python-XStatic-jQuery | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Связанные уязвимости
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attack ...
EPSS
6.1 Medium
CVSS3
4.3 Medium
CVSS2