Update Jquery to version 3.0.0 or greater to fix CVE-2015-9251

XMLWordPrintable

    • Type: Bug
    • Resolution: Fixed
    • Priority: Low
    • 9.6.0
    • Affects Version/s: 9.2.13
    • Component/s: Security
    • None
    • 1
    • Severity 3 - Minor

      Issue Summary

      jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

      https://nvd.nist.gov/vuln/detail/CVE-2015-9251

      Steps to Reproduce

      Check the version of Jquery used, in Bamboo 9.2.13 version 2.2.4 is used

      Expected Results

      Version > 3.0.0 should be used.

      Actual Results

      NA

      Workaround

      None

            Assignee:
            Unassigned
            Reporter:
            Shashank Kumar
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: