Hello,
We're currently using both OWASP Dependency Check and Dependency Track, and during our tests we noticed that Dependency Check reports CVE-2015-9251: jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. But I cannot find such a vulnerability in my sources.
Dependency Track Version 4.13.4.
National Vulnerability Database mirroring: Enabled
Enable GitHub Advisory mirroring: Enabled
Select ecosystem to enable Google OSV Advisory mirroring: for maven & npm
ossindex.api.username & ossindex.api.token configured in container's env.