Affected versions of jquery interpret text/javascript responses
from cross-origin ajax requests, and automatically execute the
contents in jQuery.globalEval, even when the ajax request
doesn’t contain the dataType option.

Affected configurations

Vulners

Node

rubyjquery-railsRange≤4.2.0

VendorProductVersionCPE
rubyjquery-rails*cpe:2.3:a:ruby:jquery-rails:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ruby	jquery-rails	*	cpe:2.3:a:ruby:jquery-rails::::::::

References

github.com/rails/jquery-rails/releases/tag/v4.2.0

ics 3

ibm 42

f5 1

ubuntucve 1

openvas 4

cvelist 1

attackerkb 1

cbl_mariner 1

cloudfoundry 1

prion 1

debiancve 1

alpinelinux 2

nvd 2

cve 2

github 1

osv 5

nessus 37

freebsd 2

fortinet 1

archlinux 2

atlassian 3

hackerone 1

laminas 2

redhat 10

suse 1

amazon 2

centos 1

almalinux 2

thn 1

oraclelinux 3

rocky 2

oracle 9

ics

AVEVA InTouch Access Anywhere

2018-07-31 12:00:00

Philips Vue PACS (Update C)

2023-02-21 12:00:00

Pepperl+Fuchs WirelessHART-Gateway

2022-04-07 12:00:00

ibm

Security Bulletin: A Security Vulnerability affects IBM® Cloud Private (CVE-2015-9251)

2018-11-19 15:40:01

Security Bulletin: A cross-site scripting vulnerability in JQuery affects IBM InfoSphere Information Server

2021-07-09 13:44:03

Security Bulletin: IBM Tivoli Netcool Impact is affected by a jQuery vulnerability (CVE-2015-9251)

2019-12-20 08:47:33

K29562170 : jQuery vulnerability CVE-2015-9251

2020-02-19 00:00:00

ubuntucve

CVE-2015-9251

2018-01-18 00:00:00

openvas

jQuery < 3.0.0 XSS Vulnerability

2018-11-01 00:00:00

Tenable Nessus Network Monitor < 5.11.0 Multiple Vulnerabilities (TNS-2019-08)

2022-12-20 00:00:00

SUSE: Security Advisory (SUSE-SU-2020:0737-1)

2021-04-19 00:00:00

cvelist

CVE-2015-9251

2018-01-18 23:00:00

attackerkb

CVE-2015-9251

2018-01-18 00:00:00

cbl_mariner

CVE-2015-9251 affecting package slf4j for versions less than 2.0.7-1

2024-07-24 01:52:07

cloudfoundry

CVE-2015-9251: UAA contains vulnerable jQuery version | Cloud Foundry

2019-07-08 00:00:00

prion

Cross site scripting

2018-01-18 23:29:00

debiancve

CVE-2015-9251

2018-01-18 23:29:00

alpinelinux

CVE-2015-9251

2018-01-18 23:29:00

CVE-2017-16012

2018-06-04 19:29:00

nvd

CVE-2015-9251

2018-01-18 23:29:00

CVE-2017-16012

2018-06-04 19:29:00

cve

CVE-2015-9251

2018-01-18 23:29:00

CVE-2017-16012

2018-06-04 19:29:00

github

Cross-Site Scripting (XSS) in jquery

2018-01-22 13:32:06

osv

CVE-2015-9251

2018-01-18 23:29:00

Cross-Site Scripting (XSS) in jquery

2018-01-22 13:32:06

Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update

2020-11-03 12:25:36

nessus

FreeBSD : rt -- XSS via jQuery (416ca0f4-3fe0-11e9-bbdd-6805ca0b3d42)

2019-03-07 00:00:00

RHEL 7 : jquery (Unpatched Vulnerability)

2024-06-03 00:00:00

JQuery < 3.0.0 XSS

2019-05-15 00:00:00

freebsd

rt -- XSS via jQuery

2019-03-05 00:00:00

RDoc -- multiple jQuery vulnerabilities

2019-08-28 00:00:00

fortinet

Protect

2019-04-10 00:00:00

archlinux

[ASA-201910-4] ruby-rdoc: cross-site scripting

2019-10-02 00:00:00

[ASA-201910-5] ruby2.5: multiple issues

2019-10-02 00:00:00

atlassian

Jira uses vulnerable jQuery version CVE-2015-9251

2020-04-20 13:29:57

The jQuery version used in JIRA needs to be updated

2015-05-18 09:31:54

Update jQuery to avoid CVE-2020-11022, CVE-2020-11023, and CVE-2015-9251

2021-02-16 18:28:38

hackerone

Ruby: Ruby is shipping a vulnerable jQuery

2019-03-30 14:10:34

laminas

XSS and RCE vectors in laminas-api-tools/api-tools-documentation-swagger

2020-04-01 21:30:00

XSS vectors in laminas-api-tools/api-tools

2020-04-01 21:30:00

redhat

(RHSA-2020:0481) Important: Red Hat JBoss Fuse/A-MQ 6.3 R15 security and bug fix update

2020-02-12 15:24:44

(RHSA-2020:0729) Important: Red Hat Data Grid 7.3.5 security update

2020-03-05 13:05:49

(RHSA-2020:3936) Moderate: ipa security, bug fix, and enhancement update

2020-09-29 07:44:46

suse

2020-03-28 00:00:00

amazon

Important: ruby24

2020-08-26 23:09:00

Medium: ipa

2020-10-22 17:40:00

centos

ipa, python2 security update

2020-10-20 18:15:27

almalinux

Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update

2020-11-03 12:25:36

Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update

2020-11-03 12:29:58

thn

Critical Flaws Reported in Philips Vue PACS Medical Imaging Systems

2021-07-09 07:00:00

oraclelinux

idm:DL1 and idm:client security, bug fix, and enhancement update

2020-11-10 00:00:00

ipa security, bug fix, and enhancement update

2020-10-06 00:00:00

pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update

2020-11-10 00:00:00

rocky

idm:DL1 and idm:client security, bug fix, and enhancement update

2020-11-03 12:25:36

pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update

2020-11-03 12:29:58

oracle

Oracle Critical Patch Update Advisory - January 2019

2019-01-15 00:00:00

Oracle Critical Patch Update Advisory - October 2019

2020-01-22 00:00:00

Oracle Critical Patch Update - October 2018

2018-12-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

JSON

Related for RUBY:JQUERY-RAILS-2015-9251