CVE-2015-9251
jquery: Cross-site scripting via cross-domain ajax requests
Severity Score
Exploit Likelihood
Affected Versions
81Public Exploits
3Exploited in Wild
-Decision
Descriptions
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
jQuery en versiones anteriores a la 3.0.0 es vulnerable a ataques de Cross-site Scripting (XSS) cuando se realiza una petición Ajax de dominios cruzados sin la opción dataType. Esto provoca que se ejecuten respuestas de texto/javascript.
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include code execution, cross site scripting, denial of service, deserialization, memory exhaustion, and server-side request forgery vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-01-18 CVE Reserved
- 2018-01-18 CVE Published
- 2019-01-31 First Exploit
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (43)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html | X_refsource_misc |
|
| http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html | X_refsource_misc |
|
| http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html | X_refsource_misc |
|
| http://seclists.org/fulldisclosure/2019/May/10 | Mailing List |
|
| http://seclists.org/fulldisclosure/2019/May/11 | Mailing List |
|
| http://seclists.org/fulldisclosure/2019/May/13 | Mailing List |
|
| http://www.securityfocus.com/bid/105658 | Third Party Advisory | |
| https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04 | Third Party Advisory | |
| https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601 | X_refsource_confirm | |
| https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.f... | Mailing List |
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2020-... | 2023-11-07 | |
| https://access.redhat.com/errata/RHSA-2020:0481 | 2023-11-07 | |
| https://access.redhat.com/errata/RHSA-2020:0729 | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2015-9251 | 2023-01-31 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1399546 | 2023-01-31 |