CVE-2015-9251.yaml

name: CVE-2015-9251
description: jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
author: ni
severity: high
tags:
- cve
- cve2015-9251
- xss
- jquery
requests:
- method: GET
  url: "{{BaseURL}}/ajax/?q=1'><script>alert(1)</script>"
  headers:
    Content-Type: application/x-www-form-urlencoded
  response:
    body:
      contains:
        - 'alert(1)'