Vulnerability Description
jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be a spam entry.
CVSS Score
6.1
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jquery | Jquery | 2.2.2 |
Related Weaknesses (CWE)
References
- https://gist.github.com/CyberSecurityUP/26c5b032897630fe8407da4a8ef216d4
- https://gitter.im/jquery/jquery?at=5ea844a05cd4fe50a3d7ddc9
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://twitter.com/DanielRufde/status/1255185961866145792
FAQ
What is CVE-2018-18405?
CVE-2018-18405 is a vulnerability with a CVSS score of 6.1 (MEDIUM). jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be a spam entry.
How severe is CVE-2018-18405?
CVE-2018-18405 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-18405?
Check the references section above for vendor advisories and patch information. Affected products include: Jquery Jquery.