Update Jquery to version 3.0.0 or greater to fix CVE-2015-9251

XMLWordPrintable

    • Type: Bug
    • Resolution: Fixed
    • Priority: Low
    • 9.6.0
    • Affects Version/s: 9.2.13
    • Component/s: Security
    • None
    • 1
    • Severity 3 - Minor

      Issue Summary

      jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

      https://nvd.nist.gov/vuln/detail/CVE-2015-9251

      Steps to Reproduce

      Check the version of Jquery used, in Bamboo 9.2.13 version 2.2.4 is used

      Expected Results

      Version > 3.0.0 should be used.

      Actual Results

      NA

      Workaround

      None

              Assignee:
              Unassigned
              Reporter:
              Shashank Kumar
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: