CVE-2015-9251

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Published: Jan 19, 2018
Updated: Nov 8, 2023
CVE: CVE-2015-9251
GHSA: GHSA-rmxg-73gg-4p98
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
jquery / jquery	-	3.0.0
oracle / service_bus	12.1.3.0.0	12.1.3.0.0.x
oracle / primavera_unifier	16.2	16.2.x
oracle / jd_edwards_enterpriseone_tools	9.2	9.2.x
oracle / enterprise_manager_ops_center	12.2.2	12.2.2.x
oracle / webcenter_sites	11.1.1.8.0	11.1.1.8.0.x
oracle / weblogic_server	12.1.3.0	12.1.3.0.x
oracle / jdeveloper	11.1.1.9.0	11.1.1.9.0.x
oracle / primavera_gateway	16.2	16.2.x
oracle / primavera_gateway	15.2	15.2.x
oracle / primavera_unifier	16.1	16.1.x
oracle / jdeveloper	12.1.3.0.0	12.1.3.0.0.x
oracle / peoplesoft_enterprise_peopletools	8.55	8.55.x
oracle / peoplesoft_enterprise_peopletools	8.56	8.56.x
oracle / hospitality_guest_access	4.2.0	4.2.0.x
oracle / hospitality_guest_access	4.2.1	4.2.1.x
oracle / financial_services_market_risk_measurement_and_management	8.0.5	8.0.5.x
oracle / enterprise_manager_ops_center	12.3.3	12.3.3.x
oracle / weblogic_server	12.2.1.3	12.2.1.3.x
oracle / agile_product_lifecycle_management_for_process	6.2.0.0	6.2.0.0.x
oracle / agile_product_lifecycle_management_for_process	6.2.1.0	6.2.1.0.x
oracle / business_process_management_suite	12.1.3.0.0	12.1.3.0.0.x
oracle / business_process_management_suite	12.2.1.3.0	12.2.1.3.0.x
oracle / business_process_management_suite	11.1.1.9.0	11.1.1.9.0.x
oracle / fusion_middleware_mapviewer	12.2.1.3.0	12.2.1.3.0.x
oracle / peoplesoft_enterprise_peopletools	8.57	8.57.x
oracle / retail_sales_audit	15.0	15.0.x
oracle / primavera_unifier	17.1	17.12.x
oracle / hospitality_reporting_and_analytics	9.1.0	9.1.0.x
oracle / communications_services_gatekeeper	-	6.1.0.4.0
oracle / retail_customer_insights	15.0	15.0.x
oracle / retail_customer_insights	16.0	16.0.x
oracle / communications_converged_application_server	-	7.0.0.1
oracle / primavera_gateway	17.12	17.12.x
oracle / banking_platform	2.6.0	2.6.0.x
oracle / banking_platform	2.6.1	2.6.1.x
oracle / banking_platform	2.6.2	2.6.2.x
oracle / primavera_unifier	18.8	18.8.x
oracle / communications_webrtc_session_controller	-	7.2
oracle / jdeveloper	12.2.1.3.0	12.2.1.3.0.x
oracle / service_bus	12.2.1.3.0	12.2.1.3.0.x
oracle / utilities_framework	4.3.0.1	4.3.0.4.x
oracle / agile_product_lifecycle_management_for_process	6.2.2.0	6.2.2.0.x
oracle / agile_product_lifecycle_management_for_process	6.2.3.0	6.2.3.0.x
oracle / agile_product_lifecycle_management_for_process	6.2.3.1	6.2.3.1.x
oracle / retail_workforce_management_software	1.60.9	1.60.9.x
oracle / retail_workforce_management_software	1.64.0	1.64.0.x
oracle / insurance_insbridge_rating_and_underwriting	5.2	5.2.x
oracle / insurance_insbridge_rating_and_underwriting	5.4	5.4.x
oracle / insurance_insbridge_rating_and_underwriting	5.5	5.5.x
oracle / healthcare_foundation	7.1	7.1.x
oracle / healthcare_foundation	7.2	7.2.x
oracle / hospitality_cruise_fleet_management	9.0.11	9.0.11.x
oracle / retail_allocation	15.0.2	15.0.2.x
oracle / retail_invoice_matching	15.0	15.0.x
oracle / oss_support_tools	19.1	19.1.x
oracle / real-time_scheduler	2.3.0	2.3.0.x
oracle / utilities_mobile_workforce_management	2.3.0	2.3.0.x
oracle / financial_services_reconciliation_framework	8.0.5	8.0.5.x
oracle / financial_services_reconciliation_framework	8.0.6	8.0.6.x
oracle / financial_services_profitability_management	8.0.4	8.0.6.x
oracle / financial_services_market_risk_measurement_and_management	8.0.6	8.0.6.x
oracle / financial_services_loan_loss_forecasting_and_provisioning	8.0.2	8.0.7.x
oracle / financial_services_liquidity_risk_management	8.0.2	8.0.6.x
oracle / financial_services_hedge_management_and_ifrs_valuations	8.0.4	8.0.7.x
oracle / financial_services_funds_transfer_pricing	8.0.4	8.0.7.x
oracle / financial_services_data_integration_hub	8.0.5	8.0.7.x
oracle / financial_services_asset_liability_management	8.0.4	8.0.7.x
oracle / financial_services_analytical_applications_infrastructure	7.3.3	7.3.5.x
oracle / financial_services_analytical_applications_infrastructure	8.0.0	8.0.7.x
oracle / enterprise_operations_monitor	3.4	3.4.x
oracle / enterprise_operations_monitor	4.0	4.0.x
oracle / communications_interactive_session_recorder	6.0	6.0.x
oracle / communications_interactive_session_recorder	6.1	6.1.x
oracle / communications_interactive_session_recorder	6.2	6.2.x
oracle / hospitality_materials_control	18.1	18.1.x
oracle / endeca_information_discovery_studio	3.1.0	3.1.0.x
oracle / endeca_information_discovery_studio	3.2.0	3.2.0.x
oracle / healthcare_translational_research	3.1.0	3.1.0.x
oracle / siebel_ui_framework	18.10	18.10.x
oracle / siebel_ui_framework	18.11	18.11.x
jquery	-	3.0.0

Vulnerability Database

CVE-2015-9251

Deep Security Visibility Without the Complexity