CVE-2015-9251 in Retail Customer Management

Summary

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Reservation

01/18/2018

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

| ID | Vulnerability | CWE | Exploit | Countermeasure | CVE |
|---|---|---|---|---|---|
| 158434 | Oracle Retail Customer Management/Segmentation Foundation Promotions cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 153558 | Oracle Knowledge Information Manager Console/Web Applications cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 143637 | Oracle WebLogic Server jQuery cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 138160 | Oracle Diagnostic Assistant Jsch/jQuery cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 138021 | Oracle Business Intelligence Enterprise Edition cURL cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 137907 | Oracle Primavera Unifier jackson-databind cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 137897 | Oracle Application Session Controller jQuery cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 133761 | Oracle Utilities Mobile Workforce Management Mobile Platform cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 133760 | Oracle Real-Time Scheduler Mobile Platform cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 133755 | Oracle OSS Support Tools Remote Diagnostic Agent cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 133735 | Oracle Retail Invoice Matching jQuery cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 133734 | Oracle Retail Allocation jQuery cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 133656 | Oracle JD Edwards EnterpriseOne Tools Web Runtime cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 133625 | Oracle JDeveloper ADF Faces cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 133624 | Oracle Fusion Middleware MapViewer Install cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 133584 | Oracle Hospitality Reporting/Analytics Report cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 133583 | Oracle Financial Services Reconciliation Framework User cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 133582 | Oracle Financial Services Profitability Management User cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 133581 | Oracle Financial Services Market Risk Measurement User cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 133580 | Oracle Financial Services Loan Loss Forecasting User cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 133579 | Oracle Financial Services Liquidity Risk Management Internal Operations cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 133578 | Oracle Financial Services Hedge Management User cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 133577 | Oracle Financial Services Funds Transfer Pricing User cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 133576 | Oracle Financial Services Data Integration Hub User cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 133575 | Oracle Financial Services Asset Liability Management User cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 133574 | Oracle Financial Services Analytical Applications Infrastructure User cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 133512 | Oracle Enterprise Operations Monitor jQuery cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 133511 | Oracle Communications Interactive Session Recorder jQuery cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 129706 | Oracle Utilities Framework User cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 129703 | Oracle Agile Product Lifecycle Management for Process Supplier Portal cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 129686 | Oracle Retail Workforce Management Software jQuery cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 129685 | Oracle Retail Sales Audit Operational Insights cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 129683 | Oracle Retail Customer Insights jQuery cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 129660 | Oracle PeopleSoft Enterprise PeopleTools Mobile Application Platform cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 129612 | Oracle Insurance Insbridge Rating/Underwriting jQuery cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 129601 | Oracle Healthcare Foundation Install cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 129572 | Oracle WebLogic Server jQuery cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 129569 | Oracle Business Process Management Suite jQuery cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 129519 | Oracle Enterprise Manager Ops Center Apache ActiveMQ cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 129483 | Oracle Communications WebRTC Session Controller OpenSSL cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 129482 | Oracle Communications Converged Application Server OpenSSL cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 125496 | Oracle Hospitality Guest Access jQuery cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 125488 | Oracle Healthcare Translational Research Cohort Explorer cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 125480 | Oracle WebCenter Sites Advanced UI cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 125479 | Oracle Service Bus OSB Core Functionality cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 125477 | Oracle Endeca Information Discovery Studio jQuery cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 125421 | Oracle Hospitality Materials Control MobileAuthWebService cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 125418 | Oracle Banking Platform jQuery cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 125392 | Oracle Construction/Engineering Suite Primavera Gateway cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
| 112187 | jQuery dataType script.js Cross-Domain cross site scripting | 79 | Not defined | Official fix | CVE-2015-9251 |
