2018-01-19 00:29:00 2020-10-26 19:15:00

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Affected products and versions (not official CPEs; * = no version given):

- Oracle Weblogic server: 12.1.3.0, 12.2.1.3
- Oracle Webcenter sites: 11.1.1.8.0
- Oracle Utilities framework: *
- Oracle Utilities mobile workforce management: 2.3.0
- Oracle Siebel ui framework: 18.10, 18.11
- Oracle Service bus: 12.1.3.0.0, 12.2.1.3.0
- Oracle Retail workforce management software: 1.64.0, 1.60.9
- Oracle Retail customer insights: 16.0, 15.0
- Oracle Retail sales audit: 15.0
- Oracle Retail invoice matching: 15.0
- Oracle Retail allocation: 15.0.2
- Oracle Real-time scheduler: 2.3.0
- Oracle Primavera unifier: 18.8, *, 16.2, 16.1
- Oracle Primavera gateway: 17.12, 15.2, 16.2
- Oracle Peoplesoft enterprise peopletools: 8.56, 8.57, 8.55
- Oracle Oss support tools: 19.1
- Oracle Jdeveloper: 12.2.1.3.0, 12.1.3.0.0, 11.1.1.9.0
- Oracle Jd edwards enterpriseone tools: 9.2
- Oracle Insurance insbridge rating and underwriting: 5.5, 5.4, 5.2
- Oracle Hospitality reporting and analytics: 9.1.0
- Oracle Hospitality materials control: 18.1
- Oracle Hospitality guest access: 4.2.1, 4.2.0
- Oracle Hospitality cruise fleet management: 9.0.11
- Oracle Healthcare foundation: 7.1, 7.2
- Oracle Healthcare translational research: 3.1.0
- Oracle Financial services reconciliation framework: 8.0.6, 8.0.5
- Oracle Fusion middleware mapviewer: 12.2.1.3.0
- Oracle Financial services profitability management: *
- Oracle Financial services market risk measurement and management: 8.0.6, 8.0.5
- Oracle Financial services liquidity risk management: *
- Oracle Financial services loan loss forecasting and provisioning: *
- Oracle Financial services funds transfer pricing: *
- Oracle Financial services hedge management and ifrs valuations: *
- Oracle Financial services data integration hub: *
- Oracle Financial services asset liability management: *
- Oracle Enterprise operations monitor: 4.0, 3.4
- Oracle Financial services analytical applications infrastructure: * (two entries)
- Oracle Enterprise manager ops center: 12.3.3, 12.2.2
- Oracle Endeca information discovery studio: 3.2.0, 3.1.0
- Oracle Communications services gatekeeper: *
- Oracle Communications webrtc session controller: *
- Oracle Communications interactive session recorder: 6.1, 6.2, 6.0
- Oracle Communications converged application server: *
- Oracle Business process management suite: 12.2.1.3.0, 12.1.3.0.0, 11.1.1.9.0
- Oracle Banking platform: 2.6.1, 2.6.2, 2.6.0
- Oracle Agile product lifecycle management for process: 6.2.3.1, 6.2.3.0, 6.2.2.0, 6.2.1.0, 6.2.0.0
- Jquery Jquery: *

Affected vendors and products:

- Oracle: Weblogic server, Webcenter sites, Utilities framework, Utilities mobile workforce management, Siebel ui framework, Service bus, Retail workforce management software, Retail customer insights, Retail sales audit, Retail invoice matching, Retail allocation, Real-time scheduler, Primavera unifier, Primavera gateway, Peoplesoft enterprise peopletools, Oss support tools, Jdeveloper, Jd edwards enterpriseone tools, Insurance insbridge rating and underwriting, Hospitality reporting and analytics, Hospitality materials control, Hospitality guest access, Hospitality cruise fleet management, Healthcare foundation, Healthcare translational research, Financial services reconciliation framework, Fusion middleware mapviewer, Financial services profitability management, Financial services market risk measurement and management, Financial services liquidity risk management, Financial services loan loss forecasting and provisioning, Financial services funds transfer pricing, Financial services hedge management and ifrs valuations, Financial services data integration hub, Financial services asset liability management, Enterprise operations monitor, Financial services analytical applications infrastructure, Enterprise manager ops center, Endeca information discovery studio, Communications services gatekeeper, Communications webrtc session controller, Communications interactive session recorder, Communications converged application server, Business process management suite, Banking platform, Agile product lifecycle management for process
- Jquery: Jquery

References
https://www.oracle.com/technetwork/security-advisory/cpu...
https://lists.apache.org/thread.html/b0656d359c7d40ec9f3...
https://lists.apache.org/thread.html/ba79cf1658741e9f146...
https://www.oracle.com/technetwork/security-advisory/cpu...
https://www.oracle.com/technetwork/security-advisory/cpu...
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/technetwork/security-advisory/cpu...
https://sw.aveva.com/hubfs/assets-2018/pdf/security-bull...
https://www.oracle.com/security-alerts/cpujan2020.html
https://snyk.io/vuln/npm:jquery:20150627
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1...
https://seclists.org/bugtraq/2019/May/18
https://lists.apache.org/thread.html/54df3aeb4239b64b50b...
https://lists.apache.org/thread.html/52bafac05ad174000ea...
https://lists.apache.org/thread.html/519eb0fd45642dcecd9...
https://lists.apache.org/thread.html/17ff53f7999e74fbe3c...
https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04
https://lists.apache.org/thread.html/10f0f3aefd51444d119...
https://kb.pulsesecure.net/articles/Pulse_Security_Advis...
https://github.com/jquery/jquery/pull/2588/commits/c254d...
https://github.com/jquery/jquery/pull/2588
https://github.com/jquery/jquery/issues/2432
https://github.com/jquery/jquery/commit/f60729f3903d1791...
https://access.redhat.com/errata/RHSA-2020:0729
https://access.redhat.com/errata/RHSA-2020:0481
http://www.oracle.com/technetwork/security-advisory/cpuo...
http://www.securityfocus.com/bid/105658
http://seclists.org/fulldisclosure/2019/May/13
http://seclists.org/fulldisclosure/2019/May/11
http://packetstormsecurity.com/files/156743/OctoberCMS-I...
http://seclists.org/fulldisclosure/2019/May/10
http://packetstormsecurity.com/files/153237/RetireJS-COR...
http://packetstormsecurity.com/files/152787/dotCMS-5.1.1...
http://lists.opensuse.org/opensuse-security-announce/202...
https://www.tenable.com/security/tns-2019-08