Skip to content

CVE-2015-9521 (Medium) detected in jquery-1.10.2.js #67

Description

@mend-bolt-for-github

CVE-2015-9521 - Medium Severity Vulnerability

Vulnerable Library - jquery-1.10.2.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.10.2/jquery.js

Path to vulnerable library: /powerunit-extensions-async/apidocs/jquery/external/jquery/jquery.js,/powerunit-extensions-async/apidocs/ch/powerunit/extensions/async/lang/../../../../../jquery/jquery-1.10.2.js,/powerunit-extensions-async/apidocs/jquery/jquery-1.10.2.js,/powerunit-extensions-async/apidocs/jquery/jquery-1.10.2.js,/powerunit-extensions-async/apidocs/ch/powerunit/extensions/async/lang/class-use/../../../../../../jquery/jquery-1.10.2.js

Dependency Hierarchy:

  • jquery-1.10.2.js (Vulnerable Library)

Found in HEAD commit: 281a45c21459552d38309f20d2e2b3fe005e1ce5

Vulnerability Details

The Easy Digital Downloads (EDD) Pushover Notifications extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.

Publish Date: 2019-10-23

URL: CVE-2015-9521

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: jquery/jquery@b078a62

Release Date: 2019-10-23

Fix Resolution: 2.2.0


Step up your Open Source Security Game with WhiteSource here

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingsecurity vulnerabilitySecurity vulnerability detected by WhiteSource

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions