CVE-2015-9251

CVSS v3.0 6.1 (Medium)
CVSS v2.0 4.3 (Medium)
EPSS 0.66 % (80th)
Affected Products 47
Advisories 19

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Weaknesses
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Related CVEs
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2018-01-18 23:29:00
(6 years ago)
Updated Date
2023-11-07 02:28:57
(10 months ago)

Affected Products


Configuration #1

    CPE23 From Up To
  Jquery prior 3.0.0 version cpe:2.3:a:jquery:jquery < 3.0.0

Configuration #2

    CPE23 From Up To
  Oracle Agile Product Lifecycle Management for Process 6.2.0.0 cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0
  Oracle Agile Product Lifecycle Management for Process 6.2.1.0 cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0
  Oracle Agile Product Lifecycle Management for Process 6.2.2.0 cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0
  Oracle Agile Product Lifecycle Management for Process 6.2.3.0 cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0
  Oracle Agile Product Lifecycle Management for Process 6.2.3.1 cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1
  Oracle Banking Platform 2.6.0 cpe:2.3:a:oracle:banking_platform:2.6.0
  Oracle Banking Platform 2.6.1 cpe:2.3:a:oracle:banking_platform:2.6.1
  Oracle Banking Platform 2.6.2 cpe:2.3:a:oracle:banking_platform:2.6.2
  Oracle Business Process Management Suite 11.1.1.9.0 cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0
  Oracle Business Process Management Suite 12.1.3.0.0 cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0
  Oracle Business Process Management Suite 12.2.1.3.0 cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0
  Oracle Communications Converged Application Server prior 7.0.0.1 version cpe:2.3:a:oracle:communications_converged_application_server < 7.0.0.1
  Oracle Communications Interactive Session Recorder 6.0 cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0
  Oracle Communications Interactive Session Recorder 6.1 cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1
  Oracle Communications Interactive Session Recorder 6.2 cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2
  Oracle Communications Services Gatekeeper prior 6.1.0.4.0 version cpe:2.3:a:oracle:communications_services_gatekeeper < 6.1.0.4.0
  Oracle Communications Webrtc Session Controller prior 7.2 version cpe:2.3:a:oracle:communications_webrtc_session_controller < 7.2
  Oracle Endeca Information Discovery Studio 3.1.0 cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0
  Oracle Endeca Information Discovery Studio 3.2.0 cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0
  Oracle Enterprise Manager Ops Center 12.2.2 cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2
  Oracle Enterprise Manager Ops Center 12.3.3 cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3
  Oracle Enterprise Operations Monitor 3.4 cpe:2.3:a:oracle:enterprise_operations_monitor:3.4
  Oracle Enterprise Operations Monitor 4.0 cpe:2.3:a:oracle:enterprise_operations_monitor:4.0
  Oracle Financial Services Analytical Applications Infrastructure from 7.3.3 version and 7.3.5 and prior versions cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure >= 7.3.3 <= 7.3.5
  Oracle Financial Services Analytical Applications Infrastructure from 8.0.0 version and 8.0.7 and prior versions cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure >= 8.0.0 <= 8.0.7
  Oracle Financial Services Asset Liability Management from 8.0.4 version and 8.0.7 and prior versions cpe:2.3:a:oracle:financial_services_asset_liability_management >= 8.0.4 <= 8.0.7
  Oracle Financial Services Data Integration Hub from 8.0.5 version and 8.0.7 and prior versions cpe:2.3:a:oracle:financial_services_data_integration_hub >= 8.0.5 <= 8.0.7
  Oracle Financial Services Funds Transfer Pricing from 8.0.4 version and 8.0.7 and prior versions cpe:2.3:a:oracle:financial_services_funds_transfer_pricing >= 8.0.4 <= 8.0.7
  Oracle Financial Services Hedge Management And Ifrs Valuations from 8.0.4 version and 8.0.7 and prior versions cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations >= 8.0.4 <= 8.0.7
  Oracle Financial Services Liquidity Risk Management from 8.0.2 version and 8.0.6 and prior versions cpe:2.3:a:oracle:financial_services_liquidity_risk_management >= 8.0.2 <= 8.0.6
  Oracle Financial Services Loan Loss Forecasting And Provisioning from 8.0.2 version and 8.0.7 and prior versions cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning >= 8.0.2 <= 8.0.7
  Oracle Financial Services Market Risk Measurement And Management 8.0.5 cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5
  Oracle Financial Services Market Risk Measurement And Management 8.0.6 cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6
  Oracle Financial Services Profitability Management from 8.0.4 version and 8.0.6 and prior versions cpe:2.3:a:oracle:financial_services_profitability_management >= 8.0.4 <= 8.0.6
  Oracle Financial Services Reconciliation Framework 8.0.5 cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5
  Oracle Financial Services Reconciliation Framework 8.0.6 cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6
  Oracle Fusion Middleware Mapviewer 12.2.1.3.0 cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0
  Oracle Healthcare Foundation 7.1 cpe:2.3:a:oracle:healthcare_foundation:7.1
  Oracle Healthcare Foundation 7.2 cpe:2.3:a:oracle:healthcare_foundation:7.2
  Oracle Healthcare Translational Research 3.1.0 cpe:2.3:a:oracle:healthcare_translational_research:3.1.0
  Oracle Hospitality Cruise Fleet Management 9.0.11 cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11
  Oracle Hospitality Guest Access 4.2.0 cpe:2.3:a:oracle:hospitality_guest_access:4.2.0
  Oracle Hospitality Guest Access 4.2.1 cpe:2.3:a:oracle:hospitality_guest_access:4.2.1
  Oracle Hospitality Materials Control 18.1 cpe:2.3:a:oracle:hospitality_materials_control:18.1
  Oracle Hospitality Reporting And Analytics 9.1.0 cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0
  Oracle Insurance Insbridge Rating And Underwriting 5.2 cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2
  Oracle Insurance Insbridge Rating And Underwriting 5.4 cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4
  Oracle Insurance Insbridge Rating And Underwriting 5.5 cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5
  Oracle Jd Edwards Enterpriseone Tools 9.2 cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2
  Oracle Jdeveloper 11.1.1.9.0 cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0
  Oracle Jdeveloper 12.1.3.0.0 cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0
  Oracle Jdeveloper 12.2.1.3.0 cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0
  Oracle Oss Support Tools 19.1 cpe:2.3:a:oracle:oss_support_tools:19.1
  Oracle Peoplesoft Enterprise Peopletools 8.55 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55
  Oracle Peoplesoft Enterprise Peopletools 8.56 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56
  Oracle Peoplesoft Enterprise Peopletools 8.57 cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57
  Oracle Primavera Gateway 15.2 cpe:2.3:a:oracle:primavera_gateway:15.2
  Oracle Primavera Gateway 16.2 cpe:2.3:a:oracle:primavera_gateway:16.2
  Oracle Primavera Gateway 17.12 cpe:2.3:a:oracle:primavera_gateway:17.12
  Oracle Primavera Unifier from 17.1 version and 17.12 and prior versions cpe:2.3:a:oracle:primavera_unifier >= 17.1 <= 17.12
  Oracle Primavera Unifier 16.1 cpe:2.3:a:oracle:primavera_unifier:16.1
  Oracle Primavera Unifier 16.2 cpe:2.3:a:oracle:primavera_unifier:16.2
  Oracle Primavera Unifier 18.8 cpe:2.3:a:oracle:primavera_unifier:18.8
  Oracle Real-time Scheduler 2.3.0 cpe:2.3:a:oracle:real-time_scheduler:2.3.0
  Oracle Retail Allocation 15.0.2 cpe:2.3:a:oracle:retail_allocation:15.0.2
  Oracle Retail Customer Insights 15.0 cpe:2.3:a:oracle:retail_customer_insights:15.0
  Oracle Retail Customer Insights 16.0 cpe:2.3:a:oracle:retail_customer_insights:16.0
  Oracle Retail Invoice Matching 15.0 cpe:2.3:a:oracle:retail_invoice_matching:15.0
  Oracle Retail Sales Audit 15.0 cpe:2.3:a:oracle:retail_sales_audit:15.0
  Oracle Retail Workforce Management Software 1.60.9 cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9
  Oracle Retail Workforce Management Software 1.64.0 cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0
  Oracle Service Bus 12.1.3.0.0 cpe:2.3:a:oracle:service_bus:12.1.3.0.0
  Oracle Service Bus 12.2.1.3.0 cpe:2.3:a:oracle:service_bus:12.2.1.3.0
  Oracle Siebel Ui Framework 18.10 cpe:2.3:a:oracle:siebel_ui_framework:18.10
  Oracle Siebel Ui Framework 18.11 cpe:2.3:a:oracle:siebel_ui_framework:18.11
  Oracle Utilities Framework from 4.3.0.1 version and 4.3.0.4 and prior versions cpe:2.3:a:oracle:utilities_framework >= 4.3.0.1 <= 4.3.0.4
  Oracle Utilities Mobile Workforce Management 2.3.0 cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0
  Oracle Webcenter Sites 11.1.1.8.0 cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0
  Oracle Weblogic Server 12.1.3.0 cpe:2.3:a:oracle:weblogic_server:12.1.3.0
  Oracle Weblogic Server 12.2.1.3 cpe:2.3:a:oracle:weblogic_server:12.2.1.3