Description
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Remediation
References
Related Vulnerabilities
Apache HTTP Server Other Vulnerability (CVE-2002-2012)
Drupal CVE-2018-7602 Vulnerability (CVE-2018-7602)
Oracle Application Server CVE-2006-3713 Vulnerability (CVE-2006-3713)
Jboss EAP Observable Discrepancy Vulnerability (CVE-2022-3143)
WordPress Plugin WP OAuth Server (OAuth Authentication) Cross-Site Scripting (4.2.1)