The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Node.js jquery: Cross Site Scripting via Ajax request

Synthesis of the vulnerability 

An attacker can trigger a Cross Site Scripting via Ajax requests in Node.js jquery, in order to run JavaScript code in the context of the web site.
Impacted products: Nodejs Modules ~ not comprehensive, Oracle Communications, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Solaris, Tuxedo, Oracle Virtual Directory, WebLogic, RabbitMQ, SLES.
Severity of this bulletin: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 22/03/2017.
References of this threat: bulletinjul2018, cpuapr2019, cpujan2019, cpuoct2018, cpuoct2019, CVE-2015-9251, CVE-2017-16012-REJECT, SUSE-SU-2020:0737-1, VIGILANCE-VUL-22215.

Description of the vulnerability 

An attacker can trigger a Cross Site Scripting via Ajax requests in Node.js jquery, in order to run JavaScript code in the context of the web site.

This cybersecurity announcement impacts software or systems such as Nodejs Modules ~ not comprehensive, Oracle Communications, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Solaris, Tuxedo, Oracle Virtual Directory, WebLogic, RabbitMQ, SLES.

Our Vigil@nce team determined that the severity of this threat alert is medium.

The trust level is "confirmed by the editor", and the origin is a document.

This bulletin is about 2 vulnerabilities.

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat 

Node.js jquery: version 3.0.0.
The version 3.0.0 is fixed:
  https://npmjs.org/package/jquery
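
Added example, not part of the Vigil@nce bulletin or of jquery itself: a Node.js check that lists every jquery copy in a parsed package-lock.json that is below the fixed version 3.0.0, including copies nested under other packages. The function names and the sample lockfile are constructed for illustration; pre-releases such as 3.0.0-rc1 are treated as below 3.0.0.

```javascript
// Added example: flag jquery copies below the fixed version 3.0.0 in a parsed package-lock.json.
const FIXED = [3, 0, 0]; // fixed version stated in the bulletin

// True when `version` sorts before 3.0.0 (pre-releases such as 3.0.0-rc1 count as below).
function isBelowFixed(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version));
  if (!m) return true; // unparseable version (git URL, file: path): report for manual review
  const nums = [Number(m[1]), Number(m[2]), Number(m[3])];
  for (let i = 0; i < 3; i++) {
    if (nums[i] !== FIXED[i]) return nums[i] < FIXED[i];
  }
  return Boolean(m[4]); // same core version: only a pre-release is below the fix
}

// Walk both lockfile layouts: "packages" (lockfileVersion 2/3) and nested "dependencies" (v1).
function findVulnerableJquery(lock) {
  const hits = new Map(); // keyed by install path so both layouts de-duplicate
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/jquery$/.test(path) && isBelowFixed(meta.version)) {
      hits.set(path, meta.version);
    }
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'jquery' && isBelowFixed(meta.version)) hits.set(path, meta.version);
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return [...hits].map(([path, version]) => ({ path, version }))
    .sort((a, b) => (a.path < b.path ? -1 : 1));
}

// Constructed sample lockfile (not from a real project).
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/jquery': { version: '3.4.1' },
    'node_modules/legacy-widget/node_modules/jquery': { version: '1.12.4' },
    'node_modules/jquery-ui': { version: '1.12.1' }, // different package, must not match
  },
  dependencies: {
    jquery: { version: '3.4.1' },
    'legacy-widget': { version: '0.9.0', dependencies: { jquery: { version: '1.12.4' } } },
    'beta-plugin': { version: '2.0.0', dependencies: { jquery: { version: '3.0.0-rc1' } } },
  },
};
console.log(findVulnerableJquery(sampleLock));
```

For a real project, pass the result of JSON.parse on the project's package-lock.json to findVulnerableJquery; copies of jquery vendored outside node_modules are not covered by a lockfile check.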

Oracle Communications: CPU of April 2019.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2518758.1
  https://support.oracle.com/rs?type=doc&id=2518763.1
  https://support.oracle.com/rs?type=doc&id=2522151.1
  https://support.oracle.com/rs?type=doc&id=2519787.1
  https://support.oracle.com/rs?type=doc&id=2522126.1
  https://support.oracle.com/rs?type=doc&id=2522123.1
  https://support.oracle.com/rs?type=doc&id=2518753.1
  https://support.oracle.com/rs?type=doc&id=2522121.1
  https://support.oracle.com/rs?type=doc&id=2528862.1
  https://support.oracle.com/rs?type=doc&id=2518754.1

Oracle Communications: CPU of January 2019.
A Critical Patch Update is available:
  https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Oracle Fusion Middleware: CPU of April 2019.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2498664.1

Oracle Fusion Middleware: CPU of January 2019.
A Critical Patch Update is available:
  https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Oracle Fusion Middleware: CPU of October 2019.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2568292.1

Oracle Fusion Middleware: CPU of October 2018.
A Critical Patch Update is available:
  https://support.oracle.com/rs?type=doc&id=2433477.1

Oracle Solaris: patch for third party software of July 2018 v3.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

RabbitMQ: version 3.7.17.
The version 3.7.17 is fixed:
  https://rabbitmq.com/download.html

SUSE LE 15: new ruby2.5 packages.
New packages are available:
  SUSE LE 15 RTM: ruby2.5 2.5.7-4.8.1
  SUSE LE 15 SP1: ruby2.5 2.5.7-4.8.1
