CVE-2015-9521 (Medium) detected in jquery-1.7.1.min.js, jquery-1.10.2.min.js

[mend-for-github-com[bot]]

CVE-2015-9521 - Medium Severity Vulnerability

Vulnerable Libraries - jquery-1.7.1.min.js, jquery-1.10.2.min.js

jquery-1.7.1.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.7.1/jquery.min.js

Path to dependency file: /tmp/ws-scm/openfin-react-hooks/demo/node_modules/vm-browserify/example/run/index.html

Path to vulnerable library: /openfin-react-hooks/demo/node_modules/vm-browserify/example/run/index.html,/openfin-react-hooks/demo/node_modules/sockjs/examples/hapi/html/index.html,/openfin-react-hooks/demo/node_modules/sockjs/examples/echo/index.html,/openfin-react-hooks/demo/node_modules/sockjs/examples/express/index.html,/openfin-react-hooks/demo/node_modules/sockjs/examples/multiplex/index.html,/openfin-react-hooks/demo/node_modules/sockjs/examples/express-3.x/index.html

Dependency Hierarchy: - :x: **jquery-1.7.1.min.js** (Vulnerable Library)

jquery-1.10.2.min.js

JavaScript library for DOM operations

Library home page: https://cdnjs.cloudflare.com/ajax/libs/jquery/1.10.2/jquery.min.js

Path to dependency file: /tmp/ws-scm/openfin-react-hooks/node_modules/nlf/reports/coverage.html

Path to vulnerable library: /openfin-react-hooks/node_modules/nlf/reports/coverage.html

Dependency Hierarchy: - :x: **jquery-1.10.2.min.js** (Vulnerable Library)

Vulnerability Details

The Easy Digital Downloads (EDD) Pushover Notifications extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.

Publish Date: 2019-10-23

URL: CVE-2015-9521

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://github.com/jquery/jquery/commit/b078a62013782c7424a4a61a240c23c4c0b42614

Release Date: 2019-10-23

Fix Resolution: 2.2.0