Sign-up

ID

VAR-201801-0036


CVE

CVE-2015-9251


TITLE

JQuery CVE-2015-9251 Cross Site Scripting Vulnerability

Trust: 0.3

sources: BID: 105658

DESCRIPTION

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. JQuery is prone to a cross-site-scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Versions prior to JQuery 3.0.0 are vulnerable. jQuery is an open source, cross-browser JavaScript library developed by American John Resig programmers. The library simplifies the operation between HTML and JavaScript, and has the characteristics of modularization and plug-in extension. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code. OctoberCMS is a CMS similar to WordPress, but with much less “fluff”. All of these dependencies are vulnerable. -------------------------------------------------- /october/themes/demo/assets/vendor/bootstrap.js bootstrap 3.3.7 has known vulnerabilities severity: high issue: 28236 summary: XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331 https://github.com/twbs/bootstrap/issues/28236 severity: medium issue: 20184 summary: XSS in data-target property of scrollspy CVE-2018-14041 https://github.com/twbs/bootstrap/issues/20184 severity: medium issue: 20184 summary: XSS in collapse data-parent attribute CVE-2018-14040 https://github.com/twbs/bootstrap/issues/20184 severity: medium issue: 20184 summary: XSS in data-container property of tooltip CVE-2018-14042 https://github.com/twbs/bootstrap/issues/20184 -------------------------------------------------- /october/themes/demo/assets/vendor/jquery.js jquery 1.11.1 has known vulnerabilities severity: medium issue: 2432 summary: 3rd party CORS request may execute CVE-2015-9251 https://github.com/jquery/jquery/issues/2432 http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/ https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: medium CVE-2015-9251 issue: 11974 summary: parseHTML() executes scripts in event handlers https://bugs.jquery.com/ticket/11974 https://nvd.nist.gov/vuln/detail/CVE-2015-9251 http://research.insecurelabs.org/jquery/test/ severity: low CVE-2019-11358 summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b -------------------------------------------------- /october/modules/backend/assets/js/vendor/jquery-and-migrate.min.js jquery 3.3.1 has known vulnerabilities severity: low CVE-2019-11358 summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/ https://nvd.nist.gov/vuln/detail/CVE-2019-11358 https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b All of these vulnerabilities were identified using RetireJS (https://retirejs.github.io/retire.js/), which identifies open source dependency vulnerabilities. Research provided by SECURELI.com

Trust: 1.53

sources: NVD: CVE-2015-9251 // BID: 105658 // VULHUB: VHN-87212 // VULMON: CVE-2015-9251 // PACKETSTORM: 153237 // PACKETSTORM: 156743

AFFECTED PRODUCTS

vendor:oraclemodel:weblogic serverscope:eqversion:12.2.1.3

Trust: 1.3

vendor:oraclemodel:weblogic serverscope:eqversion:12.1.3.0

Trust: 1.3

vendor:oraclemodel:service busscope:eqversion:12.2.1.3.0

Trust: 1.3

vendor:oraclemodel:service busscope:eqversion:12.1.3.0.0

Trust: 1.3

vendor:oraclemodel:retail workforce management softwarescope:eqversion:1.60.9

Trust: 1.3

vendor:oraclemodel:retail sales auditscope:eqversion:15.0

Trust: 1.3

vendor:oraclemodel:retail invoice matchingscope:eqversion:15.0

Trust: 1.3

vendor:oraclemodel:retail customer insightsscope:eqversion:16.0

Trust: 1.3

vendor:oraclemodel:retail customer insightsscope:eqversion:15.0

Trust: 1.3

vendor:oraclemodel:retail allocationscope:eqversion:15.0.2

Trust: 1.3

vendor:oraclemodel:primavera unifierscope:eqversion:18.8

Trust: 1.3

vendor:oraclemodel:primavera unifierscope:eqversion:16.2

Trust: 1.3

vendor:oraclemodel:primavera unifierscope:eqversion:16.1

Trust: 1.3

vendor:oraclemodel:primavera gatewayscope:eqversion:17.12

Trust: 1.3

vendor:oraclemodel:primavera gatewayscope:eqversion:16.2

Trust: 1.3

vendor:oraclemodel:primavera gatewayscope:eqversion:15.2

Trust: 1.3

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.57

Trust: 1.3

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.56

Trust: 1.3

vendor:oraclemodel:peoplesoft enterprise peopletoolsscope:eqversion:8.55

Trust: 1.3

vendor:oraclemodel:oss support toolsscope:eqversion:19.1

Trust: 1.3

vendor:oraclemodel:jdeveloperscope:eqversion:12.2.1.3.0

Trust: 1.3

vendor:oraclemodel:jdeveloperscope:eqversion:12.1.3.0.0

Trust: 1.3

vendor:oraclemodel:jdeveloperscope:eqversion:11.1.1.9.0

Trust: 1.3

vendor:oraclemodel:jd edwards enterpriseone toolsscope:eqversion:9.2

Trust: 1.3

vendor:oraclemodel:insurance insbridge rating and underwritingscope:eqversion:5.5

Trust: 1.3

vendor:oraclemodel:insurance insbridge rating and underwritingscope:eqversion:5.4

Trust: 1.3

vendor:oraclemodel:insurance insbridge rating and underwritingscope:eqversion:5.2

Trust: 1.3

vendor:oraclemodel:hospitality materials controlscope:eqversion:18.1

Trust: 1.3

vendor:oraclemodel:hospitality guest accessscope:eqversion:4.2.1

Trust: 1.3

vendor:oraclemodel:healthcare foundationscope:eqversion:7.2

Trust: 1.3

vendor:oraclemodel:healthcare foundationscope:eqversion:7.1

Trust: 1.3

vendor:oraclemodel:fusion middleware mapviewerscope:eqversion:12.2.1.3.0

Trust: 1.3

vendor:oraclemodel:financial services reconciliation frameworkscope:eqversion:8.0.6

Trust: 1.3

vendor:oraclemodel:financial services reconciliation frameworkscope:eqversion:8.0.5

Trust: 1.3

vendor:oraclemodel:financial services market risk measurement and managementscope:eqversion:8.0.6

Trust: 1.3

vendor:oraclemodel:financial services market risk measurement and managementscope:eqversion:8.0.5

Trust: 1.3

vendor:oraclemodel:enterprise operations monitorscope:eqversion:4.0

Trust: 1.3

vendor:oraclemodel:enterprise operations monitorscope:eqversion:3.4

Trust: 1.3

vendor:oraclemodel:enterprise manager ops centerscope:eqversion:12.3.3

Trust: 1.3

vendor:oraclemodel:enterprise manager ops centerscope:eqversion:12.2.2

Trust: 1.3

vendor:oraclemodel:communications interactive session recorderscope:eqversion:6.2

Trust: 1.3

vendor:oraclemodel:communications interactive session recorderscope:eqversion:6.1

Trust: 1.3

vendor:oraclemodel:communications interactive session recorderscope:eqversion:6.0

Trust: 1.3

vendor:oraclemodel:business process management suitescope:eqversion:12.2.1.3.0

Trust: 1.3

vendor:oraclemodel:business process management suitescope:eqversion:12.1.3.0.0

Trust: 1.3

vendor:oraclemodel:business process management suitescope:eqversion:11.1.1.9.0

Trust: 1.3

vendor:oraclemodel:banking platformscope:eqversion:2.6.2

Trust: 1.3

vendor:oraclemodel:banking platformscope:eqversion:2.6.1

Trust: 1.3

vendor:oraclemodel:agile product lifecycle management for processscope:eqversion:6.2.3.1

Trust: 1.3

vendor:oraclemodel:agile product lifecycle management for processscope:eqversion:6.2.3.0

Trust: 1.3

vendor:oraclemodel:agile product lifecycle management for processscope:eqversion:6.2.2.0

Trust: 1.3

vendor:oraclemodel:agile product lifecycle management for processscope:eqversion:6.2.1.0

Trust: 1.3

vendor:oraclemodel:agile product lifecycle management for processscope:eqversion:6.2.0.0

Trust: 1.3

vendor:oraclemodel:endeca information discovery studioscope:eqversion:3.2.0

Trust: 1.0

vendor:oraclemodel:financial services loan loss forecasting and provisioningscope:lteversion:8.0.7

Trust: 1.0

vendor:oraclemodel:hospitality cruise fleet managementscope:eqversion:9.0.11

Trust: 1.0

vendor:oraclemodel:financial services asset liability managementscope:lteversion:8.0.7

Trust: 1.0

vendor:oraclemodel:financial services profitability managementscope:lteversion:8.0.6

Trust: 1.0

vendor:oraclemodel:financial services profitability managementscope:gteversion:8.0.4

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:lteversion:7.3.5

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:lteversion:4.3.0.4

Trust: 1.0

vendor:oraclemodel:financial services asset liability managementscope:gteversion:8.0.4

Trust: 1.0

vendor:oraclemodel:banking platformscope:eqversion:2.6.0

Trust: 1.0

vendor:oraclemodel:financial services data integration hubscope:lteversion:8.0.7

Trust: 1.0

vendor:oraclemodel:healthcare translational researchscope:eqversion:3.1.0

Trust: 1.0

vendor:oraclemodel:hospitality guest accessscope:eqversion:4.2.0

Trust: 1.0

vendor:oraclemodel:communications converged application serverscope:ltversion:7.0.0.1

Trust: 1.0

vendor:oraclemodel:endeca information discovery studioscope:eqversion:3.1.0

Trust: 1.0

vendor:oraclemodel:siebel ui frameworkscope:eqversion:18.10

Trust: 1.0

vendor:oraclemodel:utilities frameworkscope:gteversion:4.3.0.1

Trust: 1.0

vendor:oraclemodel:financial services funds transfer pricingscope:lteversion:8.0.7

Trust: 1.0

vendor:oraclemodel:hospitality reporting and analyticsscope:eqversion:9.1.0

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:gteversion:17.1

Trust: 1.0

vendor:oraclemodel:primavera unifierscope:lteversion:17.12

Trust: 1.0

vendor:jquerymodel:jqueryscope:ltversion:3.0.0

Trust: 1.0

vendor:oraclemodel:utilities mobile workforce managementscope:eqversion:2.3.0

Trust: 1.0

vendor:oraclemodel:financial services loan loss forecasting and provisioningscope:gteversion:8.0.2

Trust: 1.0

vendor:oraclemodel:communications webrtc session controllerscope:ltversion:7.2

Trust: 1.0

vendor:oraclemodel:financial services hedge management and ifrs valuationsscope:lteversion:8.0.7

Trust: 1.0

vendor:oraclemodel:webcenter sitesscope:eqversion:11.1.1.8.0

Trust: 1.0

vendor:oraclemodel:retail workforce management softwarescope:eqversion:1.64.0

Trust: 1.0

vendor:oraclemodel:financial services data integration hubscope:gteversion:8.0.5

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:lteversion:8.0.7

Trust: 1.0

vendor:oraclemodel:financial services funds transfer pricingscope:gteversion:8.0.4

Trust: 1.0

vendor:oraclemodel:financial services liquidity risk managementscope:gteversion:8.0.2

Trust: 1.0

vendor:oraclemodel:siebel ui frameworkscope:eqversion:18.11

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:gteversion:7.3.3

Trust: 1.0

vendor:oraclemodel:financial services liquidity risk managementscope:lteversion:8.0.6

Trust: 1.0

vendor:oraclemodel:financial services hedge management and ifrs valuationsscope:gteversion:8.0.4

Trust: 1.0

vendor:oraclemodel:communications services gatekeeperscope:ltversion:6.1.0.4.0

Trust: 1.0

vendor:oraclemodel:financial services analytical applications infrastructurescope:gteversion:8.0.0

Trust: 1.0

vendor:oraclemodel:real-time schedulerscope:eqversion:2.3.0

Trust: 1.0

vendor:oraclemodel:webcenter sitesscope:eqversion:11.1.18.0

Trust: 0.3

vendor:oraclemodel:utilities mobile workforce managementscope:eqversion:2.3

Trust: 0.3

vendor:oraclemodel:utilities frameworkscope:eqversion:4.3.0.4

Trust: 0.3

vendor:oraclemodel:utilities frameworkscope:eqversion:4.3.0.3.0

Trust: 0.3

vendor:oraclemodel:utilities frameworkscope:eqversion:4.3.0.2.0

Trust: 0.3

vendor:oraclemodel:utilities frameworkscope:eqversion:4.3.0.1.0

Trust: 0.3

vendor:oraclemodel:utilities frameworkscope:eqversion:4.3.0.1

Trust: 0.3

vendor:oraclemodel:retail workforce management softwarescope:eqversion:1.64

Trust: 0.3

vendor:oraclemodel:real-time schedulerscope:eqversion:2.3.0.0

Trust: 0.3

vendor:oraclemodel:primavera unifierscope:eqversion:17.7

Trust: 0.3

vendor:oraclemodel:primavera unifierscope:eqversion:17.12

Trust: 0.3

vendor:oraclemodel:hospitality reporting and analyticsscope:eqversion:9.1

Trust: 0.3

vendor:oraclemodel:hospitality guest accessscope:eqversion:4.2

Trust: 0.3

vendor:oraclemodel:healthcare translational researchscope:eqversion:3.1

Trust: 0.3

vendor:oraclemodel:financial services profitability managementscope:eqversion:8.0.6

Trust: 0.3

vendor:oraclemodel:financial services profitability managementscope:eqversion:8.0.5

Trust: 0.3

vendor:oraclemodel:financial services profitability managementscope:eqversion:8.0.4

Trust: 0.3

vendor:oraclemodel:financial services loan loss forecasting and provisioningscope:eqversion:8.0.7

Trust: 0.3

vendor:oraclemodel:financial services loan loss forecasting and provisioningscope:eqversion:8.0.5

Trust: 0.3

vendor:oraclemodel:financial services loan loss forecasting and provisioningscope:eqversion:8.0.4

Trust: 0.3

vendor:oraclemodel:financial services loan loss forecasting and provisioningscope:eqversion:8.0.3

Trust: 0.3

vendor:oraclemodel:financial services loan loss forecasting and provisioningscope:eqversion:8.0.2

Trust: 0.3

vendor:oraclemodel:financial services liquidity risk managementscope:eqversion:8.0.6

Trust: 0.3

vendor:oraclemodel:financial services liquidity risk managementscope:eqversion:8.0.4

Trust: 0.3

vendor:oraclemodel:financial services liquidity risk managementscope:eqversion:8.0.2

Trust: 0.3

vendor:oraclemodel:financial services hedge management and ifrs valuationsscope:eqversion:8.0.7

Trust: 0.3

vendor:oraclemodel:financial services hedge management and ifrs valuationsscope:eqversion:8.0.5

Trust: 0.3

vendor:oraclemodel:financial services hedge management and ifrs valuationsscope:eqversion:8.0.4

Trust: 0.3

vendor:oraclemodel:financial services funds transfer pricingscope:eqversion:8.0.7

Trust: 0.3

vendor:oraclemodel:financial services funds transfer pricingscope:eqversion:8.0.5

Trust: 0.3

vendor:oraclemodel:financial services funds transfer pricingscope:eqversion:8.0.4

Trust: 0.3

vendor:oraclemodel:financial services data integration hubscope:eqversion:8.0.7

Trust: 0.3

vendor:oraclemodel:financial services data integration hubscope:eqversion:8.0.5

Trust: 0.3

vendor:oraclemodel:financial services asset liability managementscope:eqversion:8.0.7

Trust: 0.3

vendor:oraclemodel:financial services asset liability managementscope:eqversion:8.0.5

Trust: 0.3

vendor:oraclemodel:financial services asset liability managementscope:eqversion:8.0.4

Trust: 0.3

vendor:oraclemodel:financial services analytical applications infrastructurescope:eqversion:8.0.7

Trust: 0.3

vendor:oraclemodel:financial services analytical applications infrastructurescope:eqversion:8.0.6

Trust: 0.3

vendor:oraclemodel:financial services analytical applications infrastructurescope:eqversion:8.0.5

Trust: 0.3

vendor:oraclemodel:financial services analytical applications infrastructurescope:eqversion:8.0.4

Trust: 0.3

vendor:oraclemodel:financial services analytical applications infrastructurescope:eqversion:8.0.3

Trust: 0.3

vendor:oraclemodel:financial services analytical applications infrastructurescope:eqversion:8.0.2

Trust: 0.3

vendor:oraclemodel:financial services analytical applications infrastructurescope:eqversion:8.0.1

Trust: 0.3

vendor:oraclemodel:financial services analytical applications infrastructurescope:eqversion:8.0

Trust: 0.3

vendor:oraclemodel:financial services analytical applications infrastructurescope:eqversion:7.3.5

Trust: 0.3

vendor:oraclemodel:financial services analytical applications infrastructurescope:eqversion:7.3.4

Trust: 0.3

vendor:oraclemodel:financial services analytical applications infrastructurescope:eqversion:7.3.3

Trust: 0.3

vendor:oraclemodel:endeca information discovery studioscope:eqversion:3.2

Trust: 0.3

vendor:oraclemodel:endeca information discovery studioscope:eqversion:3.1

Trust: 0.3

vendor:oraclemodel:diagnostic assistantscope:eqversion:2.12

Trust: 0.3

vendor:oraclemodel:communications webrtc session controllerscope:eqversion:7.1

Trust: 0.3

vendor:oraclemodel:communications webrtc session controllerscope:eqversion:7.0

Trust: 0.3

vendor:oraclemodel:communications converged application serverscope:eqversion:7.0

Trust: 0.3

vendor:oraclemodel:communications application session controllerscope:eqversion:3.8

Trust: 0.3

vendor:oraclemodel:communications application session controllerscope:eqversion:3.7.1

Trust: 0.3

vendor:oraclemodel:business intelligence enterprise editionscope:eqversion:12.2.1.4.0

Trust: 0.3

vendor:oraclemodel:business intelligence enterprise editionscope:eqversion:11.1.1.9.0

Trust: 0.3

vendor:oraclemodel:banking platformscope:eqversion:2.6

Trust: 0.3

vendor:jquerymodel:jqueryscope:eqversion:1.9

Trust: 0.3

vendor:jquerymodel:jqueryscope:eqversion:1.6.3

Trust: 0.3

vendor:jquerymodel:jqueryscope:eqversion:1.6.2

Trust: 0.3

vendor:jquerymodel:jqueryscope:eqversion:1.6.1

Trust: 0.3

vendor:jquerymodel:jqueryscope:eqversion:1.4.2

Trust: 0.3

vendor:jquerymodel:jqueryscope:eqversion:1.2.6

Trust: 0.3

vendor:jquerymodel:jqueryscope:eqversion:2.2

Trust: 0.3

vendor:jquerymodel:jqueryscope:eqversion:2.1

Trust: 0.3

vendor:jquerymodel:jqueryscope:eqversion:1.8.1

Trust: 0.3

vendor:jquerymodel:jqueryscope:eqversion:1.8.0

Trust: 0.3

vendor:jquerymodel:jqueryscope:eqversion:1.7.2

Trust: 0.3

vendor:jquerymodel:jqueryscope:eqversion:1.7.1

Trust: 0.3

vendor:jquerymodel:jqueryscope:eqversion:1.6.4

Trust: 0.3

vendor:jquerymodel:jqueryscope:eqversion:1.6

Trust: 0.3

vendor:avevamodel:intouch access anywhere updatescope:eqversion:20172

Trust: 0.3

vendor:avevamodel:intouch access anywherescope:eqversion:2017

Trust: 0.3

vendor:oraclemodel:diagnostic assistantscope:neversion:2.12.36

Trust: 0.3

vendor:oraclemodel:communications webrtc session controllerscope:neversion:7.2

Trust: 0.3

vendor:oraclemodel:communications converged application serverscope:neversion:7.0.0.1

Trust: 0.3

vendor:jquerymodel:jqueryscope:neversion:3.0

Trust: 0.3

vendor:avevamodel:intouch access anywhere update 2bscope:neversion:2017

Trust: 0.3

sources: BID: 105658 // NVD: CVE-2015-9251

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-9251
value: MEDIUM

Trust: 1.0

VULHUB: VHN-87212
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-9251
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-9251
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-87212
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-9251
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-87212 // VULMON: CVE-2015-9251 // NVD: CVE-2015-9251

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.1

sources: VULHUB: VHN-87212 // NVD: CVE-2015-9251

THREAT TYPE

network

Trust: 0.3

sources: BID: 105658

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 105658

PATCH

title:Red Hat: Important: Red Hat JBoss Fuse/A-MQ 6.3 R15 security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200481 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Data Grid 7.3.5 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200729 - Security Advisory

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2015-9251 log

Trust: 0.1

title:Arch Linux Advisories: [ASA-201910-4] ruby-rdoc: cross-site scriptingurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201910-4

Trust: 0.1

title:Red Hat: CVE-2015-9251url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-9251

Trust: 0.1

title:Red Hat: Moderate: idm:DL1 and idm:client security, bug fix, and enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204670 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: ipa security, bug fix, and enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203936 - Security Advisory

Trust: 0.1

title:Red Hat: Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204847 - Security Advisory

Trust: 0.1

title:IBM: IBM Security Bulletin: BigFix Platform 9.2.x affected by multiple vulnerabilities (CVE-2017-1231, CVE-2018-5407, CVE-2012-5883, CVE-2012-6708, CVE-2015-9251)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3101664cb57ad9d937108c187df59ecf

Trust: 0.1

title:IBM: IBM Security Bulletin: BigFix Platform 9.5.x affected by multiple vulnerabilities (CVE-2019-4013, CVE-2018-5407, CVE-2012-5883, CVE-2012-6708, CVE-2015-9251)url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=7dde8d528837d3c0eae28428fd6e703d

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20230556 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.4.9 Security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20230554 - Security Advisory

Trust: 0.1

title:Red Hat: Important: Red Hat Fuse 7.6.0 security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200983 - Security Advisory

Trust: 0.1

title:Amazon Linux 2: ALASRUBY2.6-2023-007url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALASRUBY2.6-2023-007

Trust: 0.1

title:Amazon Linux AMI: ALAS-2020-1422url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2020-1422

Trust: 0.1

title:Arch Linux Advisories: [ASA-201910-5] ruby2.5: multiple issuesurl:https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-201910-5

Trust: 0.1

title:IBM: Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=22fc4d0a2671b6a2b6b740928ccb3e85

Trust: 0.1

title:Amazon Linux 2: ALAS2-2020-1519url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1519

Trust: 0.1

title:Tenable Security Advisories: [R1] Nessus Network Monitor 5.11.0 Fixes Multiple Third-party Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2019-08

Trust: 0.1

title:Fortinet Security Advisories: FortiSwitch multiple XSS vulnerabilities in the jQuery libraryurl:https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories&qid=FG-IR-18-013

Trust: 0.1

title:IBM: Security Bulletin: Multiple vulnerabilities in Spark affecting IBM QRadar User Behavior Analyticsurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=3823f1edcf270e724f22c0ef0da4007f

Trust: 0.1

title:IBM: Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Conductor 2.5.0url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=0bf006d622ea4a9435b282864e760566

Trust: 0.1

title:IBM: Security Bulletin: Multiple vulnerability issues affect IBM Spectrum Symphony 7.3.1url:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=c47c09015d1429df4a71453000607351

Trust: 0.1

title:IBM: IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple security vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=8580d3cd770371e2ef0f68ca624b80b0

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - January 2019url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=f655264a6935505d167bbf45f409a57b

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - October 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=81c63752a6f26433af2128b2e8c02385

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2018url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=586e6062440cdd312211d748e028164e

Trust: 0.1

title: - url:https://github.com/astyn9/Vulnerable-jQuery-v1.12.2-library

Trust: 0.1

title:custom-okta-signin-widgeturl:https://github.com/cniesen/custom-okta-signin-widget

Trust: 0.1

title: - url:https://github.com/andrew-healey/canvas-lms-vuln

Trust: 0.1

title:sheepurl:https://github.com/flyher/sheep

Trust: 0.1

title:watchdogurl:https://github.com/flipkart-incubator/watchdog

Trust: 0.1

title:watchdogurl:https://github.com/rohankumardubey/watchdog

Trust: 0.1

title:oracle-vuln-crawlerurl:https://github.com/zema1/oracle-vuln-crawler

Trust: 0.1

sources: VULMON: CVE-2015-9251

EXTERNAL IDS

db:NVDid:CVE-2015-9251

Trust: 1.7

db:ICS CERTid:ICSA-18-212-04

Trust: 1.4

db:BIDid:105658

Trust: 1.4

db:PACKETSTORMid:153237

Trust: 1.2

db:PACKETSTORMid:156743

Trust: 1.2

db:PACKETSTORMid:152787

Trust: 1.1

db:TENABLEid:TNS-2019-08

Trust: 1.1

db:PULSESECUREid:SA44601

Trust: 1.1

db:PACKETSTORMid:156315

Trust: 0.1

db:PACKETSTORMid:159353

Trust: 0.1

db:PACKETSTORMid:170819

Trust: 0.1

db:PACKETSTORMid:170817

Trust: 0.1

db:PACKETSTORMid:159876

Trust: 0.1

db:PACKETSTORMid:170823

Trust: 0.1

db:PACKETSTORMid:159852

Trust: 0.1

db:PACKETSTORMid:170821

Trust: 0.1

db:PACKETSTORMid:156630

Trust: 0.1

db:PACKETSTORMid:156941

Trust: 0.1

db:CNNVDid:CNNVD-201801-798

Trust: 0.1

db:SEEBUGid:SSVID-98926

Trust: 0.1

db:VULHUBid:VHN-87212

Trust: 0.1

db:VULMONid:CVE-2015-9251

Trust: 0.1

sources: VULHUB: VHN-87212 // VULMON: CVE-2015-9251 // BID: 105658 // PACKETSTORM: 153237 // PACKETSTORM: 156743 // NVD: CVE-2015-9251

REFERENCES

url:http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

Trust: 1.4

url:https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Trust: 1.4

url:https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc

Trust: 1.4

url:https://github.com/jquery/jquery/pull/2588

Trust: 1.4

url:https://ics-cert.us-cert.gov/advisories/icsa-18-212-04

Trust: 1.4

url:https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/securitybulletin_lfsec126.pdf

Trust: 1.4

url:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Trust: 1.4

url:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Trust: 1.4

url:https://github.com/jquery/jquery/issues/2432

Trust: 1.3

url:http://www.securityfocus.com/bid/105658

Trust: 1.1

url:https://seclists.org/bugtraq/2019/may/18

Trust: 1.1

url:https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44601

Trust: 1.1

url:https://security.netapp.com/advisory/ntap-20210108-0004/

Trust: 1.1

url:https://www.tenable.com/security/tns-2019-08

Trust: 1.1

url:http://seclists.org/fulldisclosure/2019/may/13

Trust: 1.1

url:http://seclists.org/fulldisclosure/2019/may/11

Trust: 1.1

url:http://seclists.org/fulldisclosure/2019/may/10

Trust: 1.1

url:http://packetstormsecurity.com/files/152787/dotcms-5.1.1-vulnerable-dependencies.html

Trust: 1.1

url:http://packetstormsecurity.com/files/153237/retirejs-cors-issue-script-execution.html

Trust: 1.1

url:http://packetstormsecurity.com/files/156743/octobercms-insecure-dependencies.html

Trust: 1.1

url:https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2

Trust: 1.1

url:https://snyk.io/vuln/npm:jquery:20150627

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuapr2020.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujan2020.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuoct2020.html

Trust: 1.1

url:https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2020:0481

Trust: 1.1

url:https://access.redhat.com/errata/rhsa-2020:0729

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html

Trust: 1.1

url:https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3cdev.flink.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3cissues.drill.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3cdev.drill.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3cuser.flink.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3cuser.flink.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3ccommits.roller.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3cdev.drill.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3cuser.flink.apache.org%3e

Trust: 1.0

url:https://jquery.org/

Trust: 0.3

url:https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/

Trust: 0.2

url:http://research.insecurelabs.org/jquery/test/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2015-9251

Trust: 0.2

url:https://bugs.jquery.com/ticket/11974

Trust: 0.2

url:https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-11358

Trust: 0.2

url:http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/

Trust: 0.2

url:https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3cdev.drill.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3cdev.drill.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3cissues.drill.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3cdev.flink.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3cuser.flink.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3cuser.flink.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3cuser.flink.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3ccommits.roller.apache.org%3e

Trust: 0.1

url:https://github.com/dojo/dojo/pull/307

Trust: 0.1

url:http://bugs.jquery.com/ticket/11290

Trust: 0.1

url:http://secureli.com/retirejs-vulnerabilities-identified-with-retirejs/

Trust: 0.1

url:https://dojotoolkit.org/blog/dojo-1-14-released

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-6708

Trust: 0.1

url:http://github.com/eoftedal/retire.js/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14042

Trust: 0.1

url:https://github.com/twbs/bootstrap/issues/20184

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14040

Trust: 0.1

url:https://retirejs.github.io/retire.js/),

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-14041

Trust: 0.1

url:https://github.com/twbs/bootstrap/issues/28236

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8331

Trust: 0.1

sources: VULHUB: VHN-87212 // BID: 105658 // PACKETSTORM: 153237 // PACKETSTORM: 156743 // NVD: CVE-2015-9251

CREDITS

Oleg Gaidarenko

Trust: 0.3

sources: BID: 105658

SOURCES

db:VULHUBid:VHN-87212
db:VULMONid:CVE-2015-9251
db:BIDid:105658
db:PACKETSTORMid:153237
db:PACKETSTORMid:156743
db:NVDid:CVE-2015-9251

LAST UPDATE DATE

2025-11-23T23:12:04.523000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-87212date:2021-01-08T00:00:00
db:VULMONid:CVE-2015-9251date:2023-11-07T00:00:00
db:BIDid:105658date:2019-07-17T07:00:00
db:NVDid:CVE-2015-9251date:2024-11-21T02:40:09.093

SOURCES RELEASE DATE

db:VULHUBid:VHN-87212date:2018-01-18T00:00:00
db:VULMONid:CVE-2015-9251date:2018-01-18T00:00:00
db:BIDid:105658date:2018-01-18T00:00:00
db:PACKETSTORMid:153237date:2019-06-07T16:22:22
db:PACKETSTORMid:156743date:2020-03-15T12:44:44
db:NVDid:CVE-2015-9251date:2018-01-18T23:29:00.307