CVE-2015-9251

Summary

CVE: CVE-2015-9251
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2018-01-18 23:29:00 UTC
Updated: 2023-11-07 02:28:00 UTC
Description: jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Risk And Classification

Problem Types: CWE-79

NVD Known Affected Configurations (CPE 2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Application | Jquery | Jquery | All | All | All | All
Application | Oracle | Agile Product Lifecycle Management For Process | 6.2.0.0 | All | All | All
Application | Oracle | Agile Product Lifecycle Management For Process | 6.2.1.0 | All | All | All
Application | Oracle | Agile Product Lifecycle Management For Process | 6.2.2.0 | All | All | All
Application | Oracle | Agile Product Lifecycle Management For Process | 6.2.3.0 | All | All | All
Application | Oracle | Agile Product Lifecycle Management For Process | 6.2.3.1 | All | All | All
Application | Oracle | Banking Platform | 2.6.0 | All | All | All
Application | Oracle | Banking Platform | 2.6.1 | All | All | All
Application | Oracle | Banking Platform | 2.6.2 | All | All | All
Application | Oracle | Business Process Management Suite | 11.1.1.9.0 | All | All | All
Application | Oracle | Business Process Management Suite | 12.1.3.0.0 | All | All | All
Application | Oracle | Business Process Management Suite | 12.2.1.3.0 | All | All | All
Application | Oracle | Communications Converged Application Server | All | All | All | All
Application | Oracle | Communications Interactive Session Recorder | 6.0 | All | All | All
Application | Oracle | Communications Interactive Session Recorder | 6.1 | All | All | All
Application | Oracle | Communications Interactive Session Recorder | 6.2 | All | All | All
Application | Oracle | Communications Services Gatekeeper | All | All | All | All
Application | Oracle | Communications Webrtc Session Controller | All | All | All | All
Application | Oracle | Endeca Information Discovery Studio | 3.1.0 | All | All | All
Application | Oracle | Endeca Information Discovery Studio | 3.2.0 | All | All | All
Application | Oracle | Enterprise Manager Ops Center | 12.2.2 | All | All | All
Application | Oracle | Enterprise Manager Ops Center | 12.3.3 | All | All | All
Application | Oracle | Enterprise Operations Monitor | 3.4 | All | All | All
Application | Oracle | Enterprise Operations Monitor | 4.0 | All | All | All
Application | Oracle | Financial Services Analytical Applications Infrastructure | All | All | All | All
Application | Oracle | Financial Services Asset Liability Management | All | All | All | All
Application | Oracle | Financial Services Data Integration Hub | All | All | All | All
Application | Oracle | Financial Services Funds Transfer Pricing | All | All | All | All
Application | Oracle | Financial Services Hedge Management And Ifrs Valuations | All | All | All | All
Application | Oracle | Financial Services Liquidity Risk Management | All | All | All | All
Application | Oracle | Financial Services Loan Loss Forecasting And Provisioning | All | All | All | All
Application | Oracle | Financial Services Market Risk Measurement And Management | 8.0.5 | All | All | All
Application | Oracle | Financial Services Market Risk Measurement And Management | 8.0.6 | All | All | All
Application | Oracle | Financial Services Profitability Management | All | All | All | All
Application | Oracle | Financial Services Reconciliation Framework | 8.0.5 | All | All | All
Application | Oracle | Financial Services Reconciliation Framework | 8.0.6 | All | All | All
Application | Oracle | Fusion Middleware Mapviewer | 12.2.1.3.0 | All | All | All
Application | Oracle | Healthcare Foundation | 7.1 | All | All | All
Application | Oracle | Healthcare Foundation | 7.2 | All | All | All
Application | Oracle | Healthcare Translational Research | 3.1.0 | All | All | All
Application | Oracle | Hospitality Cruise Fleet Management | 9.0.11 | All | All | All
Application | Oracle | Hospitality Guest Access | 4.2.0 | All | All | All
Application | Oracle | Hospitality Guest Access | 4.2.1 | All | All | All
Application | Oracle | Hospitality Materials Control | 18.1 | All | All | All
Application | Oracle | Hospitality Reporting And Analytics | 9.1.0 | All | All | All
Application | Oracle | Insurance Insbridge Rating And Underwriting | 5.2 | All | All | All
Application | Oracle | Insurance Insbridge Rating And Underwriting | 5.4 | All | All | All
Application | Oracle | Insurance Insbridge Rating And Underwriting | 5.5 | All | All | All
Application | Oracle | Jdeveloper | 11.1.1.9.0 | All | All | All
Application | Oracle | Jdeveloper | 12.1.3.0.0 | All | All | All
Application | Oracle | Jdeveloper | 12.2.1.3.0 | All | All | All
Application | Oracle | Jd Edwards Enterpriseone Tools | 9.2 | All | All | All
Application | Oracle | Oss Support Tools | 19.1 | All | All | All
Application | Oracle | Peoplesoft Enterprise Peopletools | 8.55 | All | All | All
Application | Oracle | Peoplesoft Enterprise Peopletools | 8.56 | All | All | All
Application | Oracle | Peoplesoft Enterprise Peopletools | 8.57 | All | All | All
Application | Oracle | Primavera Gateway | 15.2 | All | All | All
Application | Oracle | Primavera Gateway | 16.2 | All | All | All
Application | Oracle | Primavera Gateway | 17.12 | All | All | All
Application | Oracle | Primavera Unifier | 16.1 | All | All | All
Application | Oracle | Primavera Unifier | 16.2 | All | All | All
Application | Oracle | Primavera Unifier | 18.8 | All | All | All
Application | Oracle | Primavera Unifier | All | All | All | All
Application | Oracle | Real-time Scheduler | 2.3.0 | All | All | All
Application | Oracle | Retail Allocation | 15.0.2 | All | All | All
Application | Oracle | Retail Customer Insights | 15.0 | All | All | All
Application | Oracle | Retail Customer Insights | 16.0 | All | All | All
Application | Oracle | Retail Invoice Matching | 15.0 | All | All | All
Application | Oracle | Retail Sales Audit | 15.0 | All | All | All
Application | Oracle | Retail Workforce Management Software | 1.60.9 | All | All | All
Application | Oracle | Retail Workforce Management Software | 1.64.0 | All | All | All
Application | Oracle | Service Bus | 12.1.3.0.0 | All | All | All
Application | Oracle | Service Bus | 12.2.1.3.0 | All | All | All
Application | Oracle | Siebel Ui Framework | 18.10 | All | All | All
Application | Oracle | Siebel Ui Framework | 18.11 | All | All | All
Application | Oracle | Utilities Framework | All | All | All | All
Application | Oracle | Utilities Mobile Workforce Management | 2.3.0 | All | All | All
Application | Oracle | Webcenter Sites | 11.1.1.8.0 | All | All | All
Application | Oracle | Weblogic Server | 12.1.3.0 | All | All | All
Application | Oracle | Weblogic Server | 12.2.1.3 | All | All | All

References

  • Pony Mail!; Link: lists.apache.org
  • dotCMS 5.1.1 Vulnerable Dependencies ≈ Packet Storm; Source: MISC; Link: packetstormsecurity.com
  • Pony Mail!; Source: MLIST; Link: lists.apache.org
  • CVE-2015-9251 jQuery Vulnerability in NetApp Products | NetApp Product Security; Source: CONFIRM; Link: security.netapp.com
  • Oracle Critical Patch Update Advisory - July 2020; Source: MISC; Link: www.oracle.com
  • Red Hat Customer Portal; Source: REDHAT; Link: access.redhat.com
  • JQuery CVE-2015-9251 Cross Site Scripting Vulnerability; Source: BID; Link: www.securityfocus.com; Tags: Third Party Advisory, VDB Entry
  • sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSe...; Source: MISC; Link: sw.aveva.com; Tags: Third Party Advisory
  • Oracle Critical Patch Update Advisory - October 2020; Source: MISC; Link: www.oracle.com
  • Ajax: Mitigate possible XSS vulnerability · jquery/jquery@f60729f · GitHub; Source: MISC; Link: github.com; Tags: Patch, Third Party Advisory
  • Full Disclosure: dotCMS v5.1.1 HTML Injection & XSS Vulnerability; Source: FULLDISC; Link: seclists.org
  • Ajax: Mitigate possible XSS vulnerability by markelog · Pull Request #2588 · jquery/jquery · GitHub; Source: MISC; Link: github.com; Tags: Patch, Third Party Advisory
  • RetireJS CORS Issue / Script Execution ≈ Packet Storm; Source: MISC; Link: packetstormsecurity.com
  • [R1] Nessus Network Monitor 5.11.0 Fixes Multiple Third-party Vulnerabilities - Security Advisory | Tenable®; Source: CONFIRM; Link: www.tenable.com
  • OctoberCMS Insecure Dependencies ≈ Packet Storm; Source: MISC; Link: packetstormsecurity.com
  • Public KB - SA44601 - 2020-10: Security Bulletin: Multiple Vulnerabilities Resolved in Pulse Connect Secure / Pulse Policy Secure / Pulse Secure Desktop Client 9.1R9; Source: CONFIRM; Link: kb.pulsesecure.net
  • [security-announce] openSUSE-SU-2020:0395-1: important: Recommended upda; Source: SUSE; Link: lists.opensuse.org
  • Oracle Critical Patch Update - January 2019; Source: CONFIRM; Link: www.oracle.com; Tags: Patch
  • Full Disclosure: dotCMS v5.1.1 Vulnerabilities; Source: FULLDISC; Link: seclists.org
  • Oracle Critical Patch Update - July 2019; Source: MISC; Link: www.oracle.com
  • Full Disclosure: Re: dotCMS v5.1.1 HTML Injection & XSS Vulnerability; Source: FULLDISC; Link: seclists.org
  • Cross-site Scripting (XSS) in jquery | Snyk; Source: MISC; Link: snyk.io; Tags: Patch, Third Party Advisory
  • Inadequate/dangerous jQuery behavior for 3rd party text/javascript responses · Issue #2432 · jquery/jquery · GitHub; Source: MISC; Link: github.com; Tags: Issue Tracking, Patch, Third Party Advisory
  • CPU Oct 2018; Source: CONFIRM; Link: www.oracle.com; Tags: Patch
  • Oracle Critical Patch Update - October 2019; Source: MISC; Link: www.oracle.com
  • Oracle Critical Patch Update Advisory - January 2020; Source: MISC; Link: www.oracle.com
  • Bugtraq: dotCMS v5.1.1 Vulnerabilities; Source: BUGTRAQ; Link: seclists.org
  • Ajax: Mitigate possible XSS vulnerability by markelog · Pull Request #2588 · jquery/jquery · GitHub; Source: MISC; Link: github.com; Tags: Issue Tracking, Patch, Third Party Advisory
  • Oracle Critical Patch Update Advisory - April 2020; Source: N/A; Link: www.oracle.com
  • AVEVA InTouch Access Anywhere | CISA; Source: MISC; Link: ics-cert.us-cert.gov; Tags: Third Party Advisory, US Government Resource
  • Oracle Critical Patch Update Advisory - April 2019; Source: MISC; Link: www.oracle.com; Tags: Patch
  • CVE Program record; Source: CVE.ORG; Link: www.cve.org; Tags: canonical
  • NVD vulnerability detail; Source: NVD; Link: nvd.nist.gov; Tags: canonical, analysis

Legacy QID Mappings

  • 159652 Oracle Enterprise Linux Security Update for idm:dl1 and idm:client (ELSA-2020-4670)
  • 159679 Oracle Enterprise Linux Security Update for pki-core:10.6 and pki-deps:10.6 (ELSA-2020-4847)
  • 241153 Red Hat Update for JBoss Enterprise Application Platform 7.4.9 (RHSA-2023:0554)
  • 241154 Red Hat Update for JBoss Enterprise Application Platform 7.4.9 (RHSA-2023:0552)
  • 241155 Red Hat Update for JBoss Enterprise Application Platform 7.4.9 (RHSA-2023:0553)
  • 356305 Amazon Linux Security Advisory for ruby : ALASRUBY2.6-2023-007
  • 377492 Alibaba Cloud Linux Security Update for ipa (ALINUX2-SA-2020:0169)
  • 690723 Free Berkeley Software Distribution (FreeBSD) Security Update for rt (416ca0f4-3fe0-11e9-bbdd-6805ca0b3d42)
  • 730869 jQuery Cross-Site Scripting (XSS) Vulnerability
  • 940071 AlmaLinux Security Update for idm:DL1 and idm:client (ALSA-2020:4670)
  • 940348 AlmaLinux Security Update for pki-core:10.6 and pki-deps:10.6 (ALSA-2020:4847)
  • 960340 Rocky Linux Security Update for idm:DL1 and idm:client (RLSA-2020:4670)
  • 960454 Rocky Linux Security Update for pki-core:10.6 and pki-deps:10.6 (RLSA-2020:4847)
  • 980878 Nodejs (npm) Security Update for jquery (GHSA-rmxg-73gg-4p98)
  • 995418 Java (Maven) Security Update for org.webjars.npm:jquery (GHSA-rmxg-73gg-4p98)