CVE-2015-9521 - Medium Severity Vulnerability
Vulnerable Library - jquery-1.10.2.js
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.10.2/jquery.js
Path to vulnerable library: /powerunit-extensions-async/apidocs/jquery/external/jquery/jquery.js,/powerunit-extensions-async/apidocs/ch/powerunit/extensions/async/lang/../../../../../jquery/jquery-1.10.2.js,/powerunit-extensions-async/apidocs/jquery/jquery-1.10.2.js,/powerunit-extensions-async/apidocs/jquery/jquery-1.10.2.js,/powerunit-extensions-async/apidocs/ch/powerunit/extensions/async/lang/class-use/../../../../../../jquery/jquery-1.10.2.js
Dependency Hierarchy:
- ❌ jquery-1.10.2.js (Vulnerable Library)
Found in HEAD commit: 281a45c21459552d38309f20d2e2b3fe005e1ce5
Vulnerability Details
The Easy Digital Downloads (EDD) Pushover Notifications extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Publish Date: 2019-10-23
URL: CVE-2015-9521
CVSS 2 Score Details (4.3)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: jquery/jquery@b078a62
Release Date: 2019-10-23
Fix Resolution: 2.2.0
Step up your Open Source Security Game with WhiteSource here
CVE-2015-9521 - Medium Severity Vulnerability
JavaScript library for DOM operations
Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.10.2/jquery.js
Path to vulnerable library: /powerunit-extensions-async/apidocs/jquery/external/jquery/jquery.js,/powerunit-extensions-async/apidocs/ch/powerunit/extensions/async/lang/../../../../../jquery/jquery-1.10.2.js,/powerunit-extensions-async/apidocs/jquery/jquery-1.10.2.js,/powerunit-extensions-async/apidocs/jquery/jquery-1.10.2.js,/powerunit-extensions-async/apidocs/ch/powerunit/extensions/async/lang/class-use/../../../../../../jquery/jquery-1.10.2.js
Dependency Hierarchy:
Found in HEAD commit: 281a45c21459552d38309f20d2e2b3fe005e1ce5
The Easy Digital Downloads (EDD) Pushover Notifications extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
Publish Date: 2019-10-23
URL: CVE-2015-9521
Base Score Metrics not available
Type: Upgrade version
Origin: jquery/jquery@b078a62
Release Date: 2019-10-23
Fix Resolution: 2.2.0
Step up your Open Source Security Game with WhiteSource here