CVE-2015-9521 (Medium) detected in jquery-1.10.2.min.js

Question

CVE-2015-9521 (Medium) detected in jquery-1.10.2.min.js

Closed this issue 4 years ago · 0 comments

mend-for-github-com commented 5 years ago

CVE-2015-9521 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.10.2.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.10.2/jquery.min.js

Path to dependency file: /tmp/ws-scm/TIBCO-Messaging/samples/javascript/eftl/shared_durable.html

Path to vulnerable library: /TIBCO-Messaging/samples/javascript/eftl/shared_durable.html

Dependency Hierarchy:

❌ jquery-1.10.2.min.js (Vulnerable Library)

Vulnerability Details

The Easy Digital Downloads (EDD) Pushover Notifications extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.

Publish Date: 2019-10-23

URL: CVE-2015-9521

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: jquery/jquery@b078a62

Release Date: 2019-10-23

Fix Resolution: 2.2.0