Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for hospitality_materials_control by oracle

    CVE-2021-41184 (GCVE-0-2021-41184)

    Vulnerability from nvd – Published: 2021-10-26 00:00 – Updated: 2025-11-04 16:09
    VLAI
    Title
    XSS in the `of` option of the `.position()` util
    Summary
    jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    jquery jquery-ui Affected: < 1.13.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:09:17.971Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280"
              },
              {
                "name": "FEDORA-2021-51c256bf87",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/"
              },
              {
                "name": "FEDORA-2021-ab38307fc3",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/"
              },
              {
                "name": "FEDORA-2021-013ab302be",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20211118-0004/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/sa-core-2022-001"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2022-09"
              },
              {
                "name": "FEDORA-2022-9d655503ea",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"
              },
              {
                "name": "FEDORA-2022-bf18450366",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2024/Aug/37"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jquery-ui",
              "vendor": "jquery",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.13.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-31T02:06:17.867Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/"
            },
            {
              "url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327"
            },
            {
              "url": "https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280"
            },
            {
              "name": "FEDORA-2021-51c256bf87",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/"
            },
            {
              "name": "FEDORA-2021-ab38307fc3",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/"
            },
            {
              "name": "FEDORA-2021-013ab302be",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20211118-0004/"
            },
            {
              "url": "https://www.drupal.org/sa-core-2022-001"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "url": "https://www.tenable.com/security/tns-2022-09"
            },
            {
              "name": "FEDORA-2022-9d655503ea",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"
            },
            {
              "name": "FEDORA-2022-bf18450366",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
            }
          ],
          "source": {
            "advisory": "GHSA-gpqq-952q-5327",
            "discovery": "UNKNOWN"
          },
          "title": "XSS in the `of` option of the `.position()` util"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2021-41184",
        "datePublished": "2021-10-26T00:00:00.000Z",
        "dateReserved": "2021-09-15T00:00:00.000Z",
        "dateUpdated": "2025-11-04T16:09:17.971Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-41182 (GCVE-0-2021-41182)

    Vulnerability from nvd – Published: 2021-10-26 00:00 – Updated: 2025-02-13 16:28
    VLAI
    Title
    XSS in the `altField` option of the Datepicker widget
    Summary
    jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    jquery jquery-ui Affected: < 1.13.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:59:31.655Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/"
              },
              {
                "name": "FEDORA-2021-51c256bf87",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/"
              },
              {
                "name": "FEDORA-2021-ab38307fc3",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/"
              },
              {
                "name": "FEDORA-2021-013ab302be",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/"
              },
              {
                "name": "[debian-lts-announce] 20220119 [SECURITY] [DLA-2889-1] drupal7 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/sa-core-2022-002"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20211118-0004/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/sa-contrib-2022-004"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2022-09"
              },
              {
                "name": "FEDORA-2022-9d655503ea",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"
              },
              {
                "name": "FEDORA-2022-bf18450366",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jquery-ui",
              "vendor": "jquery",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.13.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-31T02:06:24.588Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc"
            },
            {
              "url": "https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63"
            },
            {
              "url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/"
            },
            {
              "name": "FEDORA-2021-51c256bf87",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/"
            },
            {
              "name": "FEDORA-2021-ab38307fc3",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/"
            },
            {
              "name": "FEDORA-2021-013ab302be",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/"
            },
            {
              "name": "[debian-lts-announce] 20220119 [SECURITY] [DLA-2889-1] drupal7 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
            },
            {
              "url": "https://www.drupal.org/sa-core-2022-002"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20211118-0004/"
            },
            {
              "url": "https://www.drupal.org/sa-contrib-2022-004"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "url": "https://www.tenable.com/security/tns-2022-09"
            },
            {
              "name": "FEDORA-2022-9d655503ea",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"
            },
            {
              "name": "FEDORA-2022-bf18450366",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
            }
          ],
          "source": {
            "advisory": "GHSA-9gj3-hwp5-pmwc",
            "discovery": "UNKNOWN"
          },
          "title": "XSS in the `altField` option of the Datepicker widget"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2021-41182",
        "datePublished": "2021-10-26T00:00:00.000Z",
        "dateReserved": "2021-09-15T00:00:00.000Z",
        "dateUpdated": "2025-02-13T16:28:30.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-11022 (GCVE-0-2020-11022)

    Vulnerability from nvd – Published: 2020-04-29 00:00 – Updated: 2026-04-13 13:53
    VLAI
    Title
    jQuery has a potential XSS vulnerability
    Summary
    In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    URL Tags
    https://github.com/jquery/jquery/security/advisor… x_refsource_CONFIRM
    https://github.com/maximebf/php-debugbar/issues/447 x_refsource_MISC
    https://github.com/jquery/jquery/commit/1d61fd940… x_refsource_MISC
    https://github.com/maximebf/php-debugbar/commit/8… x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
    https://lists.opensuse.org/opensuse-security-anno… x_refsource_MISC
    https://lists.opensuse.org/opensuse-security-anno… x_refsource_MISC
    https://lists.opensuse.org/opensuse-security-anno… x_refsource_MISC
    https://packetstormsecurity.com/files/162159/jQue… x_refsource_MISC
    https://security.gentoo.org/glsa/202007-03 x_refsource_MISC
    https://www.debian.org/security/2020/dsa-4693 x_refsource_MISC
    https://www.drupal.org/sa-core-2020-002 x_refsource_MISC
    https://www.oracle.com/security-alerts/cpuApr2021.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpuapr2022.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpujan2021.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpujan2022.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpujul2020.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpujul2021.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpujul2022.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpuoct2020.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpuoct2021.html x_refsource_MISC
    https://www.tenable.com/security/tns-2020-10 x_refsource_MISC
    https://www.tenable.com/security/tns-2020-11 x_refsource_MISC
    https://www.tenable.com/security/tns-2021-02 x_refsource_MISC
    https://www.tenable.com/security/tns-2021-10 x_refsource_MISC
    https://blog.jquery.com/2020/04/10/jquery-3-5-0-r… x_refsource_MISC
    https://github.com/jquery/jquery/releases/tag/3.5.0 x_refsource_MISC
    https://github.com/rubysec/ruby-advisory-db/blob/… x_refsource_MISC
    https://jquery.com/upgrade-guide/3.5 x_refsource_MISC
    https://lists.apache.org/thread.html/r0483ba00727… x_refsource_MISC
    https://lists.apache.org/thread.html/r49ce4243b47… x_refsource_MISC
    https://lists.apache.org/thread.html/r54565a8f025… x_refsource_MISC
    https://lists.apache.org/thread.html/r564585d97bc… x_refsource_MISC
    https://lists.apache.org/thread.html/r706cfbc0984… x_refsource_MISC
    https://lists.apache.org/thread.html/r8f70b0f65d6… x_refsource_MISC
    https://lists.apache.org/thread.html/rbb448222ba6… x_refsource_MISC
    https://lists.apache.org/thread.html/rdf44341677c… x_refsource_MISC
    https://lists.apache.org/thread.html/re4ae96fa5c1… x_refsource_MISC
    https://lists.apache.org/thread.html/rede9cfaa756… x_refsource_MISC
    https://lists.apache.org/thread.html/ree3bd8ddb23… x_refsource_MISC
    https://lists.debian.org/debian-lts-announce/2021… x_refsource_MISC
    https://lists.debian.org/debian-lts-announce/2023… x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
    http://security.netapp.com/advisory/ntap-20200511-0006 x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://jquery.com/upgrade-guide/3.5/ x_transferred
    https://blog.jquery.com/2020/04/10/jquery-3-5-0-r… x_transferred
    https://security.netapp.com/advisory/ntap-2020051… x_transferred
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_transferred
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_transferred
    https://lists.apache.org/thread.html/rdf44341677c… mailing-listx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.apache.org/thread.html/r706cfbc0984… mailing-listx_transferred
    https://lists.apache.org/thread.html/rbb448222ba6… mailing-listx_transferred
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_transferred
    https://lists.apache.org/thread.html/r49ce4243b47… mailing-listx_transferred
    https://lists.apache.org/thread.html/r8f70b0f65d6… mailing-listx_transferred
    https://lists.apache.org/thread.html/r564585d97bc… mailing-listx_transferred
    https://lists.apache.org/thread.html/ree3bd8ddb23… mailing-listx_transferred
    https://lists.apache.org/thread.html/rede9cfaa756… mailing-listx_transferred
    https://lists.apache.org/thread.html/r54565a8f025… mailing-listx_transferred
    https://lists.apache.org/thread.html/re4ae96fa5c1… mailing-listx_transferred
    http://packetstormsecurity.com/files/162159/jQuer… x_transferred
    https://www.oracle.com//security-alerts/cpujul2021.html x_transferred
    https://lists.apache.org/thread.html/r0483ba00727… mailing-listx_transferred
    Impacted products
    Vendor Product Version
    jquery jQuery Affected: >= 1.12.0, < 3.5.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:21:14.453Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4693",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4693"
              },
              {
                "name": "FEDORA-2020-11be4b36d4",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/"
              },
              {
                "name": "FEDORA-2020-36d2db5f51",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jquery.com/upgrade-guide/3.5/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200511-0006/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/sa-core-2020-002"
              },
              {
                "name": "openSUSE-SU-2020:1060",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html"
              },
              {
                "name": "GLSA-202007-03",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202007-03"
              },
              {
                "name": "openSUSE-SU-2020:1106",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"
              },
              {
                "name": "[airflow-commits] 20200820 [GitHub] [airflow] breser opened a new issue #10429: jquery dependency needs to be updated to 3.5.0 or newer",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "FEDORA-2020-fbb94073a1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/"
              },
              {
                "name": "FEDORA-2020-0b32a59b54",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/"
              },
              {
                "name": "FEDORA-2020-fe94df8c34",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "name": "[flink-issues] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-dev] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E"
              },
              {
                "name": "openSUSE-SU-2020:1888",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html"
              },
              {
                "name": "[flink-issues] 20201129 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2020-11"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2020-10"
              },
              {
                "name": "[flink-issues] 20210209 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20210209 [jira] [Comment Edited] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[debian-lts-announce] 20210326 [SECURITY] [DLA 2608-1] jquery security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html"
              },
              {
                "name": "[flink-issues] 20210422 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20210422 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20210429 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20210429 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-10"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-02"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "name": "[flink-issues] 20211031 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jQuery",
              "vendor": "jquery",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.12.0, \u003c 3.5.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-13T13:53:08.239Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2"
            },
            {
              "name": "https://github.com/maximebf/php-debugbar/issues/447",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/maximebf/php-debugbar/issues/447"
            },
            {
              "name": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77"
            },
            {
              "name": "https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W"
            },
            {
              "name": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html"
            },
            {
              "name": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"
            },
            {
              "name": "https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html"
            },
            {
              "name": "https://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html"
            },
            {
              "name": "https://security.gentoo.org/glsa/202007-03",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.gentoo.org/glsa/202007-03"
            },
            {
              "name": "https://www.debian.org/security/2020/dsa-4693",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4693"
            },
            {
              "name": "https://www.drupal.org/sa-core-2020-002",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.drupal.org/sa-core-2020-002"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2021.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2020-10",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tenable.com/security/tns-2020-10"
            },
            {
              "name": "https://www.tenable.com/security/tns-2020-11",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tenable.com/security/tns-2020-11"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-02",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tenable.com/security/tns-2021-02"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-10",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tenable.com/security/tns-2021-10"
            },
            {
              "name": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released"
            },
            {
              "name": "https://github.com/jquery/jquery/releases/tag/3.5.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/jquery/jquery/releases/tag/3.5.0"
            },
            {
              "name": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11022.yml",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11022.yml"
            },
            {
              "name": "https://jquery.com/upgrade-guide/3.5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jquery.com/upgrade-guide/3.5"
            },
            {
              "name": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3Ccommits.airflow.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html"
            },
            {
              "name": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B"
            },
            {
              "name": "http://security.netapp.com/advisory/ntap-20200511-0006",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://security.netapp.com/advisory/ntap-20200511-0006"
            }
          ],
          "source": {
            "advisory": "GHSA-gxr4-xjj5-5px2",
            "discovery": "UNKNOWN"
          },
          "title": "jQuery has a potential XSS vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2020-11022",
        "datePublished": "2020-04-29T00:00:00.000Z",
        "dateReserved": "2020-03-30T00:00:00.000Z",
        "dateUpdated": "2026-04-13T13:53:08.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2019-11358 (GCVE-0-2019-11358)

    Vulnerability from nvd – Published: 2019-04-19 00:00 – Updated: 2024-11-15 15:11
    VLAI
    Summary
    jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.drupal.org/sa-core-2019-006
    https://www.synology.com/security/advisory/Synolo…
    https://www.debian.org/security/2019/dsa-4434 vendor-advisory
    https://seclists.org/bugtraq/2019/Apr/32 mailing-list
    http://www.securityfocus.com/bid/108023 vdb-entry
    https://lists.apache.org/thread.html/08720ef215ee… mailing-list
    https://lists.apache.org/thread.html/b736d0784cf0… mailing-list
    https://lists.apache.org/thread.html/88fb0362fd40… mailing-list
    https://lists.apache.org/thread.html/5928aa293e39… mailing-list
    https://lists.apache.org/thread.html/6097cdbd6f0a… mailing-list
    https://lists.debian.org/debian-lts-announce/2019… mailing-list
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://seclists.org/bugtraq/2019/May/18 mailing-list
    http://packetstormsecurity.com/files/152787/dotCM…
    http://seclists.org/fulldisclosure/2019/May/11 mailing-list
    http://seclists.org/fulldisclosure/2019/May/10 mailing-list
    http://seclists.org/fulldisclosure/2019/May/13 mailing-list
    https://lists.debian.org/debian-lts-announce/2019… mailing-list
    http://www.openwall.com/lists/oss-security/2019/06/03/2 mailing-list
    http://packetstormsecurity.com/files/153237/Retir…
    https://access.redhat.com/errata/RHSA-2019:1456 vendor-advisory
    https://www.debian.org/security/2019/dsa-4460 vendor-advisory
    https://seclists.org/bugtraq/2019/Jun/12 mailing-list
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    https://access.redhat.com/errata/RHBA-2019:1570 vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    https://lists.apache.org/thread.html/ba79cf165874… mailing-list
    https://access.redhat.com/errata/RHSA-2019:2587 vendor-advisory
    https://security.netapp.com/advisory/ntap-2019091…
    https://access.redhat.com/errata/RHSA-2019:3023 vendor-advisory
    https://access.redhat.com/errata/RHSA-2019:3024 vendor-advisory
    https://lists.apache.org/thread.html/b0656d359c7d… mailing-list
    https://lists.apache.org/thread.html/519eb0fd4564… mailing-list
    https://lists.apache.org/thread.html/f9bc3e55f4e2… mailing-list
    https://lists.apache.org/thread.html/bcce5a9c532b… mailing-list
    https://www.tenable.com/security/tns-2019-08
    https://lists.apache.org/thread.html/rca37935d661… mailing-list
    https://lists.debian.org/debian-lts-announce/2020… mailing-list
    http://packetstormsecurity.com/files/156743/Octob…
    https://www.tenable.com/security/tns-2020-02
    https://lists.apache.org/thread.html/r38f0d1aa3c9… mailing-list
    https://lists.apache.org/thread.html/r7aac081cbdd… mailing-list
    https://lists.apache.org/thread.html/rac25da84ecd… mailing-list
    https://lists.apache.org/thread.html/r2041a75d3fc… mailing-list
    https://lists.apache.org/thread.html/r7e8ebccb7c0… mailing-list
    https://lists.apache.org/thread.html/r41b5bfe009c… mailing-list
    https://lists.apache.org/thread.html/r2baacab6e0a… mailing-list
    https://www.oracle.com/security-alerts/cpuapr2020.html
    https://lists.apache.org/thread.html/r7d64895cc4d… mailing-list
    https://www.oracle.com/security-alerts/cpujul2020.html
    https://www.oracle.com/technetwork/security-advis…
    https://www.oracle.com/technetwork/security-advis…
    https://www.oracle.com/security-alerts/cpujan2020.html
    https://backdropcms.org/security/backdrop-sa-core…
    https://blog.jquery.com/2019/04/10/jquery-3-4-0-r…
    https://snyk.io/vuln/SNYK-JS-JQUERY-174006
    https://github.com/jquery/jquery/pull/4333
    https://github.com/jquery/jquery/commit/753d591ae…
    https://www.privacy-wise.com/mitigating-cve-2019-…
    https://www.oracle.com/security-alerts/cpuoct2020.html
    https://kb.pulsesecure.net/articles/Pulse_Securit…
    https://www.oracle.com/security-alerts/cpujan2021.html
    https://www.oracle.com/security-alerts/cpuApr2021.html
    https://www.oracle.com//security-alerts/cpujul2021.html
    https://www.oracle.com/security-alerts/cpuoct2021.html
    https://www.oracle.com/security-alerts/cpujan2022.html
    https://supportportal.juniper.net/s/article/2021-…
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:48:09.199Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/sa-core-2019-006"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
              },
              {
                "name": "DSA-4434",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4434"
              },
              {
                "name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Apr/32"
              },
              {
                "name": "108023",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108023"
              },
              {
                "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"
              },
              {
                "name": "FEDORA-2019-eba8e44ee6",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"
              },
              {
                "name": "FEDORA-2019-1a3edd7e8a",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"
              },
              {
                "name": "FEDORA-2019-7eaf0bbe7c",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"
              },
              {
                "name": "FEDORA-2019-2a0ce0c58c",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"
              },
              {
                "name": "FEDORA-2019-a06dffab1c",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"
              },
              {
                "name": "FEDORA-2019-f563e66380",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"
              },
              {
                "name": "20190509 dotCMS v5.1.1 Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/May/18"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
              },
              {
                "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/May/11"
              },
              {
                "name": "20190510 dotCMS v5.1.1 Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/May/10"
              },
              {
                "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/May/13"
              },
              {
                "name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"
              },
              {
                "name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
              },
              {
                "name": "RHSA-2019:1456",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:1456"
              },
              {
                "name": "DSA-4460",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4460"
              },
              {
                "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Jun/12"
              },
              {
                "name": "openSUSE-SU-2019:1839",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"
              },
              {
                "name": "RHBA-2019:1570",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHBA-2019:1570"
              },
              {
                "name": "openSUSE-SU-2019:1872",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"
              },
              {
                "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
              },
              {
                "name": "RHSA-2019:2587",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2587"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
              },
              {
                "name": "RHSA-2019:3023",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3023"
              },
              {
                "name": "RHSA-2019:3024",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3024"
              },
              {
                "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
              },
              {
                "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
              },
              {
                "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
              },
              {
                "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2019-08"
              },
              {
                "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
              },
              {
                "name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2020-02"
              },
              {
                "name": "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"
              },
              {
                "name": "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
              },
              {
                "name": "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery/pull/4333"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"
              },
              {
                "name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-11358",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-20T15:03:16.892088Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T15:11:23.024Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-31T02:06:52.187Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-core-2019-006"
            },
            {
              "url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
            },
            {
              "name": "DSA-4434",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4434"
            },
            {
              "name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://seclists.org/bugtraq/2019/Apr/32"
            },
            {
              "name": "108023",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securityfocus.com/bid/108023"
            },
            {
              "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"
            },
            {
              "name": "FEDORA-2019-eba8e44ee6",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"
            },
            {
              "name": "FEDORA-2019-1a3edd7e8a",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"
            },
            {
              "name": "FEDORA-2019-7eaf0bbe7c",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"
            },
            {
              "name": "FEDORA-2019-2a0ce0c58c",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"
            },
            {
              "name": "FEDORA-2019-a06dffab1c",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"
            },
            {
              "name": "FEDORA-2019-f563e66380",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"
            },
            {
              "name": "20190509 dotCMS v5.1.1 Vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "https://seclists.org/bugtraq/2019/May/18"
            },
            {
              "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
            },
            {
              "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/11"
            },
            {
              "name": "20190510 dotCMS v5.1.1 Vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/10"
            },
            {
              "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/13"
            },
            {
              "name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"
            },
            {
              "name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
            },
            {
              "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
            },
            {
              "name": "RHSA-2019:1456",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:1456"
            },
            {
              "name": "DSA-4460",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4460"
            },
            {
              "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://seclists.org/bugtraq/2019/Jun/12"
            },
            {
              "name": "openSUSE-SU-2019:1839",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"
            },
            {
              "name": "RHBA-2019:1570",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHBA-2019:1570"
            },
            {
              "name": "openSUSE-SU-2019:1872",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"
            },
            {
              "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
            },
            {
              "name": "RHSA-2019:2587",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2587"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
            },
            {
              "name": "RHSA-2019:3023",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3023"
            },
            {
              "name": "RHSA-2019:3024",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3024"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
            },
            {
              "url": "https://www.tenable.com/security/tns-2019-08"
            },
            {
              "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
            },
            {
              "url": "https://www.tenable.com/security/tns-2020-02"
            },
            {
              "name": "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"
            },
            {
              "name": "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
            },
            {
              "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
            },
            {
              "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
            },
            {
              "url": "https://github.com/jquery/jquery/pull/4333"
            },
            {
              "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
            },
            {
              "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"
            },
            {
              "name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-11358",
        "datePublished": "2019-04-19T00:00:00.000Z",
        "dateReserved": "2019-04-19T00:00:00.000Z",
        "dateUpdated": "2024-11-15T15:11:23.024Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-9251 (GCVE-0-2015-9251)

    Vulnerability from nvd – Published: 2018-01-18 23:00 – Updated: 2024-08-06 08:43
    VLAI
    Summary
    jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/105658 vdb-entryx_refsource_BID
    https://seclists.org/bugtraq/2019/May/18 mailing-listx_refsource_BUGTRAQ
    http://seclists.org/fulldisclosure/2019/May/11 mailing-listx_refsource_FULLDISC
    http://seclists.org/fulldisclosure/2019/May/10 mailing-listx_refsource_FULLDISC
    http://seclists.org/fulldisclosure/2019/May/13 mailing-listx_refsource_FULLDISC
    https://lists.apache.org/thread.html/54df3aeb4239… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/10f0f3aefd51… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/17ff53f7999e… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/52bafac05ad1… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/ba79cf165874… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/b0656d359c7d… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/519eb0fd4564… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/f9bc3e55f4e2… mailing-listx_refsource_MLIST
    https://access.redhat.com/errata/RHSA-2020:0481 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2020:0729 vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://www.oracle.com/security-alerts/cpuapr2020.html x_refsource_MISC
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    https://www.oracle.com/security-alerts/cpujul2020.html x_refsource_MISC
    https://github.com/jquery/jquery/issues/2432 x_refsource_MISC
    https://www.oracle.com/technetwork/security-advis… x_refsource_CONFIRM
    https://sw.aveva.com/hubfs/assets-2018/pdf/securi… x_refsource_MISC
    https://github.com/jquery/jquery/pull/2588/commit… x_refsource_MISC
    https://snyk.io/vuln/npm:jquery:20150627 x_refsource_MISC
    https://github.com/jquery/jquery/pull/2588 x_refsource_MISC
    https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04 x_refsource_MISC
    https://github.com/jquery/jquery/commit/f60729f39… x_refsource_MISC
    https://www.oracle.com/technetwork/security-advis… x_refsource_MISC
    http://packetstormsecurity.com/files/152787/dotCM… x_refsource_MISC
    http://packetstormsecurity.com/files/153237/Retir… x_refsource_MISC
    https://www.oracle.com/technetwork/security-advis… x_refsource_MISC
    https://www.oracle.com/technetwork/security-advis… x_refsource_MISC
    https://www.tenable.com/security/tns-2019-08 x_refsource_CONFIRM
    https://www.oracle.com/security-alerts/cpujan2020.html x_refsource_MISC
    http://packetstormsecurity.com/files/156743/Octob… x_refsource_MISC
    https://www.oracle.com/security-alerts/cpuoct2020.html x_refsource_MISC
    https://kb.pulsesecure.net/articles/Pulse_Securit… x_refsource_CONFIRM
    https://security.netapp.com/advisory/ntap-2021010… x_refsource_CONFIRM
    Date Public
    2018-01-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:43:41.697Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105658",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105658"
              },
              {
                "name": "20190509 dotCMS v5.1.1 Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/May/18"
              },
              {
                "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/May/11"
              },
              {
                "name": "20190510 dotCMS v5.1.1 Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/May/10"
              },
              {
                "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/May/13"
              },
              {
                "name": "[flink-user] 20190811 Apache flink 1.7.2 security issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E"
              },
              {
                "name": "[flink-dev] 20190811 Apache flink 1.7.2 security issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E"
              },
              {
                "name": "[flink-user] 20190813 Apache flink 1.7.2 security issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E"
              },
              {
                "name": "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E"
              },
              {
                "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
              },
              {
                "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
              },
              {
                "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
              },
              {
                "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
              },
              {
                "name": "RHSA-2020:0481",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0481"
              },
              {
                "name": "RHSA-2020:0729",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0729"
              },
              {
                "name": "openSUSE-SU-2020:0395",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery/issues/2432"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/npm:jquery:20150627"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery/pull/2588"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2019-08"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210108-0004/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-01-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-08T11:06:16.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "105658",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105658"
            },
            {
              "name": "20190509 dotCMS v5.1.1 Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/May/18"
            },
            {
              "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/11"
            },
            {
              "name": "20190510 dotCMS v5.1.1 Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/10"
            },
            {
              "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/13"
            },
            {
              "name": "[flink-user] 20190811 Apache flink 1.7.2 security issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E"
            },
            {
              "name": "[flink-dev] 20190811 Apache flink 1.7.2 security issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E"
            },
            {
              "name": "[flink-user] 20190813 Apache flink 1.7.2 security issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E"
            },
            {
              "name": "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E"
            },
            {
              "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2020:0481",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0481"
            },
            {
              "name": "RHSA-2020:0729",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0729"
            },
            {
              "name": "openSUSE-SU-2020:0395",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/jquery/jquery/issues/2432"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/npm:jquery:20150627"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/jquery/jquery/pull/2588"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2019-08"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210108-0004/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-9251",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105658",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105658"
                },
                {
                  "name": "20190509 dotCMS v5.1.1 Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/May/18"
                },
                {
                  "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/May/11"
                },
                {
                  "name": "20190510 dotCMS v5.1.1 Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/May/10"
                },
                {
                  "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/May/13"
                },
                {
                  "name": "[flink-user] 20190811 Apache flink 1.7.2 security issues",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E"
                },
                {
                  "name": "[flink-dev] 20190811 Apache flink 1.7.2 security issues",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E"
                },
                {
                  "name": "[flink-user] 20190813 Apache flink 1.7.2 security issues",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E"
                },
                {
                  "name": "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E"
                },
                {
                  "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E"
                },
                {
                  "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
                },
                {
                  "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
                },
                {
                  "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
                },
                {
                  "name": "RHSA-2020:0481",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0481"
                },
                {
                  "name": "RHSA-2020:0729",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0729"
                },
                {
                  "name": "openSUSE-SU-2020:0395",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://github.com/jquery/jquery/issues/2432",
                  "refsource": "MISC",
                  "url": "https://github.com/jquery/jquery/issues/2432"
                },
                {
                  "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
                },
                {
                  "name": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf",
                  "refsource": "MISC",
                  "url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf"
                },
                {
                  "name": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2",
                  "refsource": "MISC",
                  "url": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2"
                },
                {
                  "name": "https://snyk.io/vuln/npm:jquery:20150627",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/npm:jquery:20150627"
                },
                {
                  "name": "https://github.com/jquery/jquery/pull/2588",
                  "refsource": "MISC",
                  "url": "https://github.com/jquery/jquery/pull/2588"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04"
                },
                {
                  "name": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc",
                  "refsource": "MISC",
                  "url": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc"
                },
                {
                  "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
                },
                {
                  "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
                },
                {
                  "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2019-08",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2019-08"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
                  "refsource": "CONFIRM",
                  "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210108-0004/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210108-0004/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-9251",
        "datePublished": "2018-01-18T23:00:00.000Z",
        "dateReserved": "2018-01-18T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:43:41.697Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10223 (GCVE-0-2017-10223)

    Vulnerability from nvd – Published: 2017-08-08 15:00 – Updated: 2024-10-04 17:07
    VLAI
    Summary
    Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Purchasing). Supported versions that are affected are 8.31.4 and 8.32.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data.
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/99704 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1038941 vdb-entryx_refsource_SECTRACK
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Oracle Corporation Hospitality Materials Control Affected: 8.31.4
    Affected: 8.32.0
    Create a notification for this product.
    Date Public
    2017-07-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:33:16.908Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "99704",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99704"
              },
              {
                "name": "1038941",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038941"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-10223",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-04T15:49:33.866070Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-04T17:07:28.306Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Hospitality Materials Control",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.31.4"
                },
                {
                  "status": "affected",
                  "version": "8.32.0"
                }
              ]
            }
          ],
          "datePublic": "2017-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Purchasing). Supported versions that are affected are 8.31.4 and 8.32.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as  unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-09T09:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "99704",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99704"
            },
            {
              "name": "1038941",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038941"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2017-10223",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Hospitality Materials Control",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "8.31.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.32.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Purchasing). Supported versions that are affected are 8.31.4 and 8.32.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as  unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "99704",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99704"
                },
                {
                  "name": "1038941",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038941"
                },
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2017-10223",
        "datePublished": "2017-08-08T15:00:00.000Z",
        "dateReserved": "2017-06-21T00:00:00.000Z",
        "dateUpdated": "2024-10-04T17:07:28.306Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10222 (GCVE-0-2017-10222)

    Vulnerability from nvd – Published: 2017-08-08 15:00 – Updated: 2024-10-04 17:07
    VLAI
    Summary
    Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Production Tool). Supported versions that are affected are 8.31.4 and 8.32.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data.
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1038941 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/99701 vdb-entryx_refsource_BID
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Oracle Corporation Hospitality Materials Control Affected: 8.31.4
    Affected: 8.32.0
    Create a notification for this product.
    Date Public
    2017-07-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:33:16.883Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1038941",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038941"
              },
              {
                "name": "99701",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99701"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-10222",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-04T15:49:40.927603Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-04T17:07:34.804Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Hospitality Materials Control",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.31.4"
                },
                {
                  "status": "affected",
                  "version": "8.32.0"
                }
              ]
            }
          ],
          "datePublic": "2017-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Production Tool). Supported versions that are affected are 8.31.4 and 8.32.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as  unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-09T09:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "1038941",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038941"
            },
            {
              "name": "99701",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99701"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2017-10222",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Hospitality Materials Control",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "8.31.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.32.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Production Tool). Supported versions that are affected are 8.31.4 and 8.32.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as  unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1038941",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038941"
                },
                {
                  "name": "99701",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99701"
                },
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2017-10222",
        "datePublished": "2017-08-08T15:00:00.000Z",
        "dateReserved": "2017-06-21T00:00:00.000Z",
        "dateUpdated": "2024-10-04T17:07:34.804Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-41182 (GCVE-0-2021-41182)

    Vulnerability from cvelistv5 – Published: 2021-10-26 00:00 – Updated: 2025-02-13 16:28
    VLAI
    Title
    XSS in the `altField` option of the Datepicker widget
    Summary
    jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    jquery jquery-ui Affected: < 1.13.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T02:59:31.655Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/"
              },
              {
                "name": "FEDORA-2021-51c256bf87",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/"
              },
              {
                "name": "FEDORA-2021-ab38307fc3",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/"
              },
              {
                "name": "FEDORA-2021-013ab302be",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/"
              },
              {
                "name": "[debian-lts-announce] 20220119 [SECURITY] [DLA-2889-1] drupal7 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/sa-core-2022-002"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20211118-0004/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/sa-contrib-2022-004"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2022-09"
              },
              {
                "name": "FEDORA-2022-9d655503ea",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"
              },
              {
                "name": "FEDORA-2022-bf18450366",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jquery-ui",
              "vendor": "jquery",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.13.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-31T02:06:24.588Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc"
            },
            {
              "url": "https://github.com/jquery/jquery-ui/pull/1954/commits/6809ce843e5ac4128108ea4c15cbc100653c2b63"
            },
            {
              "url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/"
            },
            {
              "name": "FEDORA-2021-51c256bf87",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/"
            },
            {
              "name": "FEDORA-2021-ab38307fc3",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/"
            },
            {
              "name": "FEDORA-2021-013ab302be",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/"
            },
            {
              "name": "[debian-lts-announce] 20220119 [SECURITY] [DLA-2889-1] drupal7 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00014.html"
            },
            {
              "url": "https://www.drupal.org/sa-core-2022-002"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20211118-0004/"
            },
            {
              "url": "https://www.drupal.org/sa-contrib-2022-004"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "url": "https://www.tenable.com/security/tns-2022-09"
            },
            {
              "name": "FEDORA-2022-9d655503ea",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"
            },
            {
              "name": "FEDORA-2022-bf18450366",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
            }
          ],
          "source": {
            "advisory": "GHSA-9gj3-hwp5-pmwc",
            "discovery": "UNKNOWN"
          },
          "title": "XSS in the `altField` option of the Datepicker widget"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2021-41182",
        "datePublished": "2021-10-26T00:00:00.000Z",
        "dateReserved": "2021-09-15T00:00:00.000Z",
        "dateUpdated": "2025-02-13T16:28:30.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-41184 (GCVE-0-2021-41184)

    Vulnerability from cvelistv5 – Published: 2021-10-26 00:00 – Updated: 2025-11-04 16:09
    VLAI
    Title
    XSS in the `of` option of the `.position()` util
    Summary
    jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    jquery jquery-ui Affected: < 1.13.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T16:09:17.971Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280"
              },
              {
                "name": "FEDORA-2021-51c256bf87",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/"
              },
              {
                "name": "FEDORA-2021-ab38307fc3",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/"
              },
              {
                "name": "FEDORA-2021-013ab302be",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20211118-0004/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/sa-core-2022-001"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2022-09"
              },
              {
                "name": "FEDORA-2022-9d655503ea",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"
              },
              {
                "name": "FEDORA-2022-bf18450366",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
              },
              {
                "url": "http://seclists.org/fulldisclosure/2024/Aug/37"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jquery-ui",
              "vendor": "jquery",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.13.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-31T02:06:17.867Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "url": "https://blog.jqueryui.com/2021/10/jquery-ui-1-13-0-released/"
            },
            {
              "url": "https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327"
            },
            {
              "url": "https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280"
            },
            {
              "name": "FEDORA-2021-51c256bf87",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O74SXYY7RGXREQDQUDQD4BPJ4QQTD2XQ/"
            },
            {
              "name": "FEDORA-2021-ab38307fc3",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SNXA7XRKGINWSUIPIZ6ZBCTV6N3KSHES/"
            },
            {
              "name": "FEDORA-2021-013ab302be",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXIUUBRVLA4E7G7MMIKCEN75YN7UFERW/"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20211118-0004/"
            },
            {
              "url": "https://www.drupal.org/sa-core-2022-001"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "url": "https://www.tenable.com/security/tns-2022-09"
            },
            {
              "name": "FEDORA-2022-9d655503ea",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVKIOWSXL2RF2ULNAP7PHESYCFSZIJE3/"
            },
            {
              "name": "FEDORA-2022-bf18450366",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGSY236PYSFYIEBRGDERLA7OSY6D7XL4/"
            },
            {
              "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
            }
          ],
          "source": {
            "advisory": "GHSA-gpqq-952q-5327",
            "discovery": "UNKNOWN"
          },
          "title": "XSS in the `of` option of the `.position()` util"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2021-41184",
        "datePublished": "2021-10-26T00:00:00.000Z",
        "dateReserved": "2021-09-15T00:00:00.000Z",
        "dateUpdated": "2025-11-04T16:09:17.971Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-11022 (GCVE-0-2020-11022)

    Vulnerability from cvelistv5 – Published: 2020-04-29 00:00 – Updated: 2026-04-13 13:53
    VLAI
    Title
    jQuery has a potential XSS vulnerability
    Summary
    In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    URL Tags
    https://github.com/jquery/jquery/security/advisor… x_refsource_CONFIRM
    https://github.com/maximebf/php-debugbar/issues/447 x_refsource_MISC
    https://github.com/jquery/jquery/commit/1d61fd940… x_refsource_MISC
    https://github.com/maximebf/php-debugbar/commit/8… x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
    https://lists.opensuse.org/opensuse-security-anno… x_refsource_MISC
    https://lists.opensuse.org/opensuse-security-anno… x_refsource_MISC
    https://lists.opensuse.org/opensuse-security-anno… x_refsource_MISC
    https://packetstormsecurity.com/files/162159/jQue… x_refsource_MISC
    https://security.gentoo.org/glsa/202007-03 x_refsource_MISC
    https://www.debian.org/security/2020/dsa-4693 x_refsource_MISC
    https://www.drupal.org/sa-core-2020-002 x_refsource_MISC
    https://www.oracle.com/security-alerts/cpuApr2021.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpuapr2022.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpujan2021.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpujan2022.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpujul2020.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpujul2021.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpujul2022.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpuoct2020.html x_refsource_MISC
    https://www.oracle.com/security-alerts/cpuoct2021.html x_refsource_MISC
    https://www.tenable.com/security/tns-2020-10 x_refsource_MISC
    https://www.tenable.com/security/tns-2020-11 x_refsource_MISC
    https://www.tenable.com/security/tns-2021-02 x_refsource_MISC
    https://www.tenable.com/security/tns-2021-10 x_refsource_MISC
    https://blog.jquery.com/2020/04/10/jquery-3-5-0-r… x_refsource_MISC
    https://github.com/jquery/jquery/releases/tag/3.5.0 x_refsource_MISC
    https://github.com/rubysec/ruby-advisory-db/blob/… x_refsource_MISC
    https://jquery.com/upgrade-guide/3.5 x_refsource_MISC
    https://lists.apache.org/thread.html/r0483ba00727… x_refsource_MISC
    https://lists.apache.org/thread.html/r49ce4243b47… x_refsource_MISC
    https://lists.apache.org/thread.html/r54565a8f025… x_refsource_MISC
    https://lists.apache.org/thread.html/r564585d97bc… x_refsource_MISC
    https://lists.apache.org/thread.html/r706cfbc0984… x_refsource_MISC
    https://lists.apache.org/thread.html/r8f70b0f65d6… x_refsource_MISC
    https://lists.apache.org/thread.html/rbb448222ba6… x_refsource_MISC
    https://lists.apache.org/thread.html/rdf44341677c… x_refsource_MISC
    https://lists.apache.org/thread.html/re4ae96fa5c1… x_refsource_MISC
    https://lists.apache.org/thread.html/rede9cfaa756… x_refsource_MISC
    https://lists.apache.org/thread.html/ree3bd8ddb23… x_refsource_MISC
    https://lists.debian.org/debian-lts-announce/2021… x_refsource_MISC
    https://lists.debian.org/debian-lts-announce/2023… x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
    http://security.netapp.com/advisory/ntap-20200511-0006 x_refsource_MISC
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://jquery.com/upgrade-guide/3.5/ x_transferred
    https://blog.jquery.com/2020/04/10/jquery-3-5-0-r… x_transferred
    https://security.netapp.com/advisory/ntap-2020051… x_transferred
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_transferred
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_transferred
    https://lists.apache.org/thread.html/rdf44341677c… mailing-listx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_transferred
    https://lists.apache.org/thread.html/r706cfbc0984… mailing-listx_transferred
    https://lists.apache.org/thread.html/rbb448222ba6… mailing-listx_transferred
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_transferred
    https://lists.apache.org/thread.html/r49ce4243b47… mailing-listx_transferred
    https://lists.apache.org/thread.html/r8f70b0f65d6… mailing-listx_transferred
    https://lists.apache.org/thread.html/r564585d97bc… mailing-listx_transferred
    https://lists.apache.org/thread.html/ree3bd8ddb23… mailing-listx_transferred
    https://lists.apache.org/thread.html/rede9cfaa756… mailing-listx_transferred
    https://lists.apache.org/thread.html/r54565a8f025… mailing-listx_transferred
    https://lists.apache.org/thread.html/re4ae96fa5c1… mailing-listx_transferred
    http://packetstormsecurity.com/files/162159/jQuer… x_transferred
    https://www.oracle.com//security-alerts/cpujul2021.html x_transferred
    https://lists.apache.org/thread.html/r0483ba00727… mailing-listx_transferred
    Impacted products
    Vendor Product Version
    jquery jQuery Affected: >= 1.12.0, < 3.5.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T11:21:14.453Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-4693",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2020/dsa-4693"
              },
              {
                "name": "FEDORA-2020-11be4b36d4",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/"
              },
              {
                "name": "FEDORA-2020-36d2db5f51",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jquery.com/upgrade-guide/3.5/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200511-0006/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/sa-core-2020-002"
              },
              {
                "name": "openSUSE-SU-2020:1060",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html"
              },
              {
                "name": "GLSA-202007-03",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202007-03"
              },
              {
                "name": "openSUSE-SU-2020:1106",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"
              },
              {
                "name": "[airflow-commits] 20200820 [GitHub] [airflow] breser opened a new issue #10429: jquery dependency needs to be updated to 3.5.0 or newer",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "FEDORA-2020-fbb94073a1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B/"
              },
              {
                "name": "FEDORA-2020-0b32a59b54",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY/"
              },
              {
                "name": "FEDORA-2020-fe94df8c34",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "name": "[flink-issues] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-dev] 20201105 [jira] [Created] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67%40%3Cdev.flink.apache.org%3E"
              },
              {
                "name": "openSUSE-SU-2020:1888",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html"
              },
              {
                "name": "[flink-issues] 20201129 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48%40%3Cissues.flink.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2020-11"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2020-10"
              },
              {
                "name": "[flink-issues] 20210209 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20210209 [jira] [Comment Edited] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[debian-lts-announce] 20210326 [SECURITY] [DLA 2608-1] jquery security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html"
              },
              {
                "name": "[flink-issues] 20210422 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20210422 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20210429 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20210429 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108%40%3Cissues.flink.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-10"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2021-02"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "name": "[flink-issues] 20211031 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36%40%3Cissues.flink.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jQuery",
              "vendor": "jquery",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.12.0, \u003c 3.5.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery\u0027s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-13T13:53:08.239Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2"
            },
            {
              "name": "https://github.com/maximebf/php-debugbar/issues/447",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/maximebf/php-debugbar/issues/447"
            },
            {
              "name": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77"
            },
            {
              "name": "https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/maximebf/php-debugbar/commit/847216e60544258c881f2733d699bbcfeefac0fc"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W"
            },
            {
              "name": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html"
            },
            {
              "name": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html"
            },
            {
              "name": "https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html"
            },
            {
              "name": "https://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://packetstormsecurity.com/files/162159/jQuery-1.2-Cross-Site-Scripting.html"
            },
            {
              "name": "https://security.gentoo.org/glsa/202007-03",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.gentoo.org/glsa/202007-03"
            },
            {
              "name": "https://www.debian.org/security/2020/dsa-4693",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.debian.org/security/2020/dsa-4693"
            },
            {
              "name": "https://www.drupal.org/sa-core-2020-002",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.drupal.org/sa-core-2020-002"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2021.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2020-10",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tenable.com/security/tns-2020-10"
            },
            {
              "name": "https://www.tenable.com/security/tns-2020-11",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tenable.com/security/tns-2020-11"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-02",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tenable.com/security/tns-2021-02"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-10",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.tenable.com/security/tns-2021-10"
            },
            {
              "name": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released"
            },
            {
              "name": "https://github.com/jquery/jquery/releases/tag/3.5.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/jquery/jquery/releases/tag/3.5.0"
            },
            {
              "name": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11022.yml",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-11022.yml"
            },
            {
              "name": "https://jquery.com/upgrade-guide/3.5",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://jquery.com/upgrade-guide/3.5"
            },
            {
              "name": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r0483ba0072783c2e1bfea613984bfb3c86e73ba8879d780dc1cc7d36@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r49ce4243b4738dd763caeb27fa8ad6afb426ae3e8c011ff00b8b1f48@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r564585d97bc069137e64f521e68ba490c7c9c5b342df5d73c49a0760@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r706cfbc098420f7113968cc377247ec3d1439bce42e679c11c609e2d@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/r8f70b0f65d6bedf316ecd899371fd89e65333bc988f6326d2956735c@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/rbb448222ba62c430e21e13f940be4cb5cfc373cd3bce56b48c0ffa67@%3Cdev.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3Ccommits.airflow.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/rdf44341677cf7eec7e9aa96dcf3f37ed709544863d619cca8c36f133@%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/ree3bd8ddb23df5fa4e372d11c226830ea3650056b1059f3965b3fce2@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00033.html"
            },
            {
              "name": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVKYXLWCLZBV2N7M46KYK4LVA5OXWPBY"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QPN2L2XVQGUA2V5HNQJWHK3APSK3VN7K"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAPQVX3XDNPGFT26QAQ6AJIXZZBZ4CD4"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFP4UK4EGP4AFH2MWYJ5A5Z4I7XVFQ6B"
            },
            {
              "name": "http://security.netapp.com/advisory/ntap-20200511-0006",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://security.netapp.com/advisory/ntap-20200511-0006"
            }
          ],
          "source": {
            "advisory": "GHSA-gxr4-xjj5-5px2",
            "discovery": "UNKNOWN"
          },
          "title": "jQuery has a potential XSS vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2020-11022",
        "datePublished": "2020-04-29T00:00:00.000Z",
        "dateReserved": "2020-03-30T00:00:00.000Z",
        "dateUpdated": "2026-04-13T13:53:08.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2019-11358 (GCVE-0-2019-11358)

    Vulnerability from cvelistv5 – Published: 2019-04-19 00:00 – Updated: 2024-11-15 15:11
    VLAI
    Summary
    jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.drupal.org/sa-core-2019-006
    https://www.synology.com/security/advisory/Synolo…
    https://www.debian.org/security/2019/dsa-4434 vendor-advisory
    https://seclists.org/bugtraq/2019/Apr/32 mailing-list
    http://www.securityfocus.com/bid/108023 vdb-entry
    https://lists.apache.org/thread.html/08720ef215ee… mailing-list
    https://lists.apache.org/thread.html/b736d0784cf0… mailing-list
    https://lists.apache.org/thread.html/88fb0362fd40… mailing-list
    https://lists.apache.org/thread.html/5928aa293e39… mailing-list
    https://lists.apache.org/thread.html/6097cdbd6f0a… mailing-list
    https://lists.debian.org/debian-lts-announce/2019… mailing-list
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://lists.fedoraproject.org/archives/list/pac… vendor-advisory
    https://seclists.org/bugtraq/2019/May/18 mailing-list
    http://packetstormsecurity.com/files/152787/dotCM…
    http://seclists.org/fulldisclosure/2019/May/11 mailing-list
    http://seclists.org/fulldisclosure/2019/May/10 mailing-list
    http://seclists.org/fulldisclosure/2019/May/13 mailing-list
    https://lists.debian.org/debian-lts-announce/2019… mailing-list
    http://www.openwall.com/lists/oss-security/2019/06/03/2 mailing-list
    http://packetstormsecurity.com/files/153237/Retir…
    https://access.redhat.com/errata/RHSA-2019:1456 vendor-advisory
    https://www.debian.org/security/2019/dsa-4460 vendor-advisory
    https://seclists.org/bugtraq/2019/Jun/12 mailing-list
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    https://access.redhat.com/errata/RHBA-2019:1570 vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    https://lists.apache.org/thread.html/ba79cf165874… mailing-list
    https://access.redhat.com/errata/RHSA-2019:2587 vendor-advisory
    https://security.netapp.com/advisory/ntap-2019091…
    https://access.redhat.com/errata/RHSA-2019:3023 vendor-advisory
    https://access.redhat.com/errata/RHSA-2019:3024 vendor-advisory
    https://lists.apache.org/thread.html/b0656d359c7d… mailing-list
    https://lists.apache.org/thread.html/519eb0fd4564… mailing-list
    https://lists.apache.org/thread.html/f9bc3e55f4e2… mailing-list
    https://lists.apache.org/thread.html/bcce5a9c532b… mailing-list
    https://www.tenable.com/security/tns-2019-08
    https://lists.apache.org/thread.html/rca37935d661… mailing-list
    https://lists.debian.org/debian-lts-announce/2020… mailing-list
    http://packetstormsecurity.com/files/156743/Octob…
    https://www.tenable.com/security/tns-2020-02
    https://lists.apache.org/thread.html/r38f0d1aa3c9… mailing-list
    https://lists.apache.org/thread.html/r7aac081cbdd… mailing-list
    https://lists.apache.org/thread.html/rac25da84ecd… mailing-list
    https://lists.apache.org/thread.html/r2041a75d3fc… mailing-list
    https://lists.apache.org/thread.html/r7e8ebccb7c0… mailing-list
    https://lists.apache.org/thread.html/r41b5bfe009c… mailing-list
    https://lists.apache.org/thread.html/r2baacab6e0a… mailing-list
    https://www.oracle.com/security-alerts/cpuapr2020.html
    https://lists.apache.org/thread.html/r7d64895cc4d… mailing-list
    https://www.oracle.com/security-alerts/cpujul2020.html
    https://www.oracle.com/technetwork/security-advis…
    https://www.oracle.com/technetwork/security-advis…
    https://www.oracle.com/security-alerts/cpujan2020.html
    https://backdropcms.org/security/backdrop-sa-core…
    https://blog.jquery.com/2019/04/10/jquery-3-4-0-r…
    https://snyk.io/vuln/SNYK-JS-JQUERY-174006
    https://github.com/jquery/jquery/pull/4333
    https://github.com/jquery/jquery/commit/753d591ae…
    https://www.privacy-wise.com/mitigating-cve-2019-…
    https://www.oracle.com/security-alerts/cpuoct2020.html
    https://kb.pulsesecure.net/articles/Pulse_Securit…
    https://www.oracle.com/security-alerts/cpujan2021.html
    https://www.oracle.com/security-alerts/cpuApr2021.html
    https://www.oracle.com//security-alerts/cpujul2021.html
    https://www.oracle.com/security-alerts/cpuoct2021.html
    https://www.oracle.com/security-alerts/cpujan2022.html
    https://supportportal.juniper.net/s/article/2021-…
    https://lists.debian.org/debian-lts-announce/2023… mailing-list
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:48:09.199Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.drupal.org/sa-core-2019-006"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
              },
              {
                "name": "DSA-4434",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4434"
              },
              {
                "name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Apr/32"
              },
              {
                "name": "108023",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/108023"
              },
              {
                "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"
              },
              {
                "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"
              },
              {
                "name": "FEDORA-2019-eba8e44ee6",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"
              },
              {
                "name": "FEDORA-2019-1a3edd7e8a",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"
              },
              {
                "name": "FEDORA-2019-7eaf0bbe7c",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"
              },
              {
                "name": "FEDORA-2019-2a0ce0c58c",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"
              },
              {
                "name": "FEDORA-2019-a06dffab1c",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"
              },
              {
                "name": "FEDORA-2019-f563e66380",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"
              },
              {
                "name": "20190509 dotCMS v5.1.1 Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/May/18"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
              },
              {
                "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/May/11"
              },
              {
                "name": "20190510 dotCMS v5.1.1 Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/May/10"
              },
              {
                "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/May/13"
              },
              {
                "name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"
              },
              {
                "name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
              },
              {
                "name": "RHSA-2019:1456",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:1456"
              },
              {
                "name": "DSA-4460",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2019/dsa-4460"
              },
              {
                "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/Jun/12"
              },
              {
                "name": "openSUSE-SU-2019:1839",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"
              },
              {
                "name": "RHBA-2019:1570",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHBA-2019:1570"
              },
              {
                "name": "openSUSE-SU-2019:1872",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"
              },
              {
                "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
              },
              {
                "name": "RHSA-2019:2587",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:2587"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
              },
              {
                "name": "RHSA-2019:3023",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3023"
              },
              {
                "name": "RHSA-2019:3024",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2019:3024"
              },
              {
                "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
              },
              {
                "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
              },
              {
                "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
              },
              {
                "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2019-08"
              },
              {
                "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
              },
              {
                "name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2020-02"
              },
              {
                "name": "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"
              },
              {
                "name": "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"
              },
              {
                "name": "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
              },
              {
                "name": "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery/pull/4333"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"
              },
              {
                "name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-11358",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-20T15:03:16.892088Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T15:11:23.024Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-31T02:06:52.187Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-core-2019-006"
            },
            {
              "url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
            },
            {
              "name": "DSA-4434",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4434"
            },
            {
              "name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://seclists.org/bugtraq/2019/Apr/32"
            },
            {
              "name": "108023",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securityfocus.com/bid/108023"
            },
            {
              "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"
            },
            {
              "name": "FEDORA-2019-eba8e44ee6",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"
            },
            {
              "name": "FEDORA-2019-1a3edd7e8a",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"
            },
            {
              "name": "FEDORA-2019-7eaf0bbe7c",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"
            },
            {
              "name": "FEDORA-2019-2a0ce0c58c",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"
            },
            {
              "name": "FEDORA-2019-a06dffab1c",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"
            },
            {
              "name": "FEDORA-2019-f563e66380",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"
            },
            {
              "name": "20190509 dotCMS v5.1.1 Vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "https://seclists.org/bugtraq/2019/May/18"
            },
            {
              "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
            },
            {
              "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/11"
            },
            {
              "name": "20190510 dotCMS v5.1.1 Vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/10"
            },
            {
              "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/13"
            },
            {
              "name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"
            },
            {
              "name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
            },
            {
              "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
            },
            {
              "name": "RHSA-2019:1456",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:1456"
            },
            {
              "name": "DSA-4460",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.debian.org/security/2019/dsa-4460"
            },
            {
              "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://seclists.org/bugtraq/2019/Jun/12"
            },
            {
              "name": "openSUSE-SU-2019:1839",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"
            },
            {
              "name": "RHBA-2019:1570",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHBA-2019:1570"
            },
            {
              "name": "openSUSE-SU-2019:1872",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"
            },
            {
              "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
            },
            {
              "name": "RHSA-2019:2587",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:2587"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
            },
            {
              "name": "RHSA-2019:3023",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3023"
            },
            {
              "name": "RHSA-2019:3024",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2019:3024"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
            },
            {
              "url": "https://www.tenable.com/security/tns-2019-08"
            },
            {
              "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
            },
            {
              "url": "https://www.tenable.com/security/tns-2020-02"
            },
            {
              "name": "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"
            },
            {
              "name": "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
            },
            {
              "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
            },
            {
              "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
            },
            {
              "url": "https://github.com/jquery/jquery/pull/4333"
            },
            {
              "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
            },
            {
              "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"
            },
            {
              "name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2019-11358",
        "datePublished": "2019-04-19T00:00:00.000Z",
        "dateReserved": "2019-04-19T00:00:00.000Z",
        "dateUpdated": "2024-11-15T15:11:23.024Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-9251 (GCVE-0-2015-9251)

    Vulnerability from cvelistv5 – Published: 2018-01-18 23:00 – Updated: 2024-08-06 08:43
    VLAI
    Summary
    jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/105658 vdb-entryx_refsource_BID
    https://seclists.org/bugtraq/2019/May/18 mailing-listx_refsource_BUGTRAQ
    http://seclists.org/fulldisclosure/2019/May/11 mailing-listx_refsource_FULLDISC
    http://seclists.org/fulldisclosure/2019/May/10 mailing-listx_refsource_FULLDISC
    http://seclists.org/fulldisclosure/2019/May/13 mailing-listx_refsource_FULLDISC
    https://lists.apache.org/thread.html/54df3aeb4239… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/10f0f3aefd51… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/17ff53f7999e… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/52bafac05ad1… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/ba79cf165874… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/b0656d359c7d… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/519eb0fd4564… mailing-listx_refsource_MLIST
    https://lists.apache.org/thread.html/f9bc3e55f4e2… mailing-listx_refsource_MLIST
    https://access.redhat.com/errata/RHSA-2020:0481 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2020:0729 vendor-advisoryx_refsource_REDHAT
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    https://www.oracle.com/security-alerts/cpuapr2020.html x_refsource_MISC
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    https://www.oracle.com/security-alerts/cpujul2020.html x_refsource_MISC
    https://github.com/jquery/jquery/issues/2432 x_refsource_MISC
    https://www.oracle.com/technetwork/security-advis… x_refsource_CONFIRM
    https://sw.aveva.com/hubfs/assets-2018/pdf/securi… x_refsource_MISC
    https://github.com/jquery/jquery/pull/2588/commit… x_refsource_MISC
    https://snyk.io/vuln/npm:jquery:20150627 x_refsource_MISC
    https://github.com/jquery/jquery/pull/2588 x_refsource_MISC
    https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04 x_refsource_MISC
    https://github.com/jquery/jquery/commit/f60729f39… x_refsource_MISC
    https://www.oracle.com/technetwork/security-advis… x_refsource_MISC
    http://packetstormsecurity.com/files/152787/dotCM… x_refsource_MISC
    http://packetstormsecurity.com/files/153237/Retir… x_refsource_MISC
    https://www.oracle.com/technetwork/security-advis… x_refsource_MISC
    https://www.oracle.com/technetwork/security-advis… x_refsource_MISC
    https://www.tenable.com/security/tns-2019-08 x_refsource_CONFIRM
    https://www.oracle.com/security-alerts/cpujan2020.html x_refsource_MISC
    http://packetstormsecurity.com/files/156743/Octob… x_refsource_MISC
    https://www.oracle.com/security-alerts/cpuoct2020.html x_refsource_MISC
    https://kb.pulsesecure.net/articles/Pulse_Securit… x_refsource_CONFIRM
    https://security.netapp.com/advisory/ntap-2021010… x_refsource_CONFIRM
    Date Public
    2018-01-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:43:41.697Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "105658",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105658"
              },
              {
                "name": "20190509 dotCMS v5.1.1 Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "https://seclists.org/bugtraq/2019/May/18"
              },
              {
                "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/May/11"
              },
              {
                "name": "20190510 dotCMS v5.1.1 Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/May/10"
              },
              {
                "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2019/May/13"
              },
              {
                "name": "[flink-user] 20190811 Apache flink 1.7.2 security issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E"
              },
              {
                "name": "[flink-dev] 20190811 Apache flink 1.7.2 security issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E"
              },
              {
                "name": "[flink-user] 20190813 Apache flink 1.7.2 security issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E"
              },
              {
                "name": "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E"
              },
              {
                "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
              },
              {
                "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
              },
              {
                "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
              },
              {
                "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
              },
              {
                "name": "RHSA-2020:0481",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0481"
              },
              {
                "name": "RHSA-2020:0729",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2020:0729"
              },
              {
                "name": "openSUSE-SU-2020:0395",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery/issues/2432"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/npm:jquery:20150627"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery/pull/2588"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2019-08"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210108-0004/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-01-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-01-08T11:06:16.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "105658",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105658"
            },
            {
              "name": "20190509 dotCMS v5.1.1 Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "https://seclists.org/bugtraq/2019/May/18"
            },
            {
              "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/11"
            },
            {
              "name": "20190510 dotCMS v5.1.1 Vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/10"
            },
            {
              "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2019/May/13"
            },
            {
              "name": "[flink-user] 20190811 Apache flink 1.7.2 security issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E"
            },
            {
              "name": "[flink-dev] 20190811 Apache flink 1.7.2 security issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E"
            },
            {
              "name": "[flink-user] 20190813 Apache flink 1.7.2 security issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E"
            },
            {
              "name": "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E"
            },
            {
              "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2020:0481",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0481"
            },
            {
              "name": "RHSA-2020:0729",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2020:0729"
            },
            {
              "name": "openSUSE-SU-2020:0395",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/jquery/jquery/issues/2432"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/npm:jquery:20150627"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/jquery/jquery/pull/2588"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2019-08"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20210108-0004/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-9251",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "105658",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105658"
                },
                {
                  "name": "20190509 dotCMS v5.1.1 Vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "https://seclists.org/bugtraq/2019/May/18"
                },
                {
                  "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/May/11"
                },
                {
                  "name": "20190510 dotCMS v5.1.1 Vulnerabilities",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/May/10"
                },
                {
                  "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2019/May/13"
                },
                {
                  "name": "[flink-user] 20190811 Apache flink 1.7.2 security issues",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854@%3Cuser.flink.apache.org%3E"
                },
                {
                  "name": "[flink-dev] 20190811 Apache flink 1.7.2 security issues",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731@%3Cdev.flink.apache.org%3E"
                },
                {
                  "name": "[flink-user] 20190813 Apache flink 1.7.2 security issues",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49@%3Cuser.flink.apache.org%3E"
                },
                {
                  "name": "[flink-user] 20190813 Re: Apache flink 1.7.2 security issues",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2@%3Cuser.flink.apache.org%3E"
                },
                {
                  "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6@%3Ccommits.roller.apache.org%3E"
                },
                {
                  "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
                },
                {
                  "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
                },
                {
                  "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
                },
                {
                  "name": "RHSA-2020:0481",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0481"
                },
                {
                  "name": "RHSA-2020:0729",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2020:0729"
                },
                {
                  "name": "openSUSE-SU-2020:0395",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                  "name": "https://github.com/jquery/jquery/issues/2432",
                  "refsource": "MISC",
                  "url": "https://github.com/jquery/jquery/issues/2432"
                },
                {
                  "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
                },
                {
                  "name": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf",
                  "refsource": "MISC",
                  "url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec126.pdf"
                },
                {
                  "name": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2",
                  "refsource": "MISC",
                  "url": "https://github.com/jquery/jquery/pull/2588/commits/c254d308a7d3f1eac4d0b42837804cfffcba4bb2"
                },
                {
                  "name": "https://snyk.io/vuln/npm:jquery:20150627",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/npm:jquery:20150627"
                },
                {
                  "name": "https://github.com/jquery/jquery/pull/2588",
                  "refsource": "MISC",
                  "url": "https://github.com/jquery/jquery/pull/2588"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-212-04"
                },
                {
                  "name": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc",
                  "refsource": "MISC",
                  "url": "https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc"
                },
                {
                  "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
                },
                {
                  "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
                },
                {
                  "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2019-08",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2019-08"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
                },
                {
                  "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                  "refsource": "MISC",
                  "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                  "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
                  "refsource": "CONFIRM",
                  "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210108-0004/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210108-0004/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-9251",
        "datePublished": "2018-01-18T23:00:00.000Z",
        "dateReserved": "2018-01-18T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:43:41.697Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10223 (GCVE-0-2017-10223)

    Vulnerability from cvelistv5 – Published: 2017-08-08 15:00 – Updated: 2024-10-04 17:07
    VLAI
    Summary
    Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Purchasing). Supported versions that are affected are 8.31.4 and 8.32.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data.
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/99704 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1038941 vdb-entryx_refsource_SECTRACK
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Oracle Corporation Hospitality Materials Control Affected: 8.31.4
    Affected: 8.32.0
    Create a notification for this product.
    Date Public
    2017-07-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:33:16.908Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "99704",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99704"
              },
              {
                "name": "1038941",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038941"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-10223",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-04T15:49:33.866070Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-04T17:07:28.306Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Hospitality Materials Control",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.31.4"
                },
                {
                  "status": "affected",
                  "version": "8.32.0"
                }
              ]
            }
          ],
          "datePublic": "2017-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Purchasing). Supported versions that are affected are 8.31.4 and 8.32.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as  unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-09T09:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "99704",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99704"
            },
            {
              "name": "1038941",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038941"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2017-10223",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Hospitality Materials Control",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "8.31.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.32.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Purchasing). Supported versions that are affected are 8.31.4 and 8.32.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as  unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "99704",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99704"
                },
                {
                  "name": "1038941",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038941"
                },
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2017-10223",
        "datePublished": "2017-08-08T15:00:00.000Z",
        "dateReserved": "2017-06-21T00:00:00.000Z",
        "dateUpdated": "2024-10-04T17:07:28.306Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-10222 (GCVE-0-2017-10222)

    Vulnerability from cvelistv5 – Published: 2017-08-08 15:00 – Updated: 2024-10-04 17:07
    VLAI
    Summary
    Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Production Tool). Supported versions that are affected are 8.31.4 and 8.32.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data.
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1038941 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/99701 vdb-entryx_refsource_BID
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    Oracle Corporation Hospitality Materials Control Affected: 8.31.4
    Affected: 8.32.0
    Create a notification for this product.
    Date Public
    2017-07-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:33:16.883Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1038941",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038941"
              },
              {
                "name": "99701",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/99701"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-10222",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-04T15:49:40.927603Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-04T17:07:34.804Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Hospitality Materials Control",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.31.4"
                },
                {
                  "status": "affected",
                  "version": "8.32.0"
                }
              ]
            }
          ],
          "datePublic": "2017-07-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Production Tool). Supported versions that are affected are 8.31.4 and 8.32.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as  unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-09T09:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "name": "1038941",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038941"
            },
            {
              "name": "99701",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/99701"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2017-10222",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Hospitality Materials Control",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "8.31.4"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "8.32.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Production Tool). Supported versions that are affected are 8.31.4 and 8.32.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Materials Control.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Hospitality Materials Control accessible data as well as  unauthorized read access to a subset of Oracle Hospitality Materials Control accessible data."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1038941",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038941"
                },
                {
                  "name": "99701",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/99701"
                },
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2017-10222",
        "datePublished": "2017-08-08T15:00:00.000Z",
        "dateReserved": "2017-06-21T00:00:00.000Z",
        "dateUpdated": "2024-10-04T17:07:34.804Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }