Описание
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat 3scale API Management Platform 2 | jquery | Fix deferred | ||
| Red Hat Enterprise Linux 7 | pcs | Not affected | ||
| Red Hat Enterprise Linux 7 | pki-core | Will not fix | ||
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) | python-XStatic-jQuery | Will not fix | ||
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer | ruby193-rubygem-jquery-ui-rails | Will not fix | ||
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | python-XStatic-jQuery | Will not fix | ||
| Red Hat OpenShift Enterprise 2 | ruby193-rubygem-jquery-rails | Will not fix | ||
| Red Hat OpenStack Platform 10 (Newton) | python-XStatic-jQuery | Will not fix | ||
| Red Hat OpenStack Platform 11 (Ocata) | python-XStatic-jQuery | Will not fix | ||
| Red Hat OpenStack Platform 8 (Liberty) | python-XStatic-jQuery | Will not fix |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1399546jquery: Cross-site scripting via cross-domain ajax requests
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Связанные уязвимости
CVSS3: 6.1
ubuntu
почти 8 лет назад
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CVSS3: 6.1
nvd
почти 8 лет назад
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CVSS3: 6.1
debian
почти 8 лет назад
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attack ...
6.1 Medium
CVSS3
4.3 Medium
CVSS2