CVE-2015-9251

6.1MEDIUM

Key Information:

Vendor
Jquery
Status
Jquery
Vendor
CVE Published:
18 January 2018

Badges

👾 Exploit Exists🟡 Public PoC

Summary

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2015-9251
Created by halkichi0308

CVE-2015-9251
Created by moften

CVE-2015-9251
Created by hackgiver

References

http://www.securityfocus.com/bid/105658
vdb-entryx_refsource_BID
https://seclists.org/bugtraq/2019/May/18
mailing-listx_refsource_BUGTRAQ
http://seclists.org/fulldisclosure/2019/May/11
mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.