CVE-2018-18405

Current Description

** DISPUTED ** jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be a spam entry.

Basic Data

Published: April 22, 2020
Last Modified: May 31, 2020
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-79
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 4.3
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
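    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Jquery | Jquery | 2.2.2 | * | * | * | * | * | * | * | | | | |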

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Jquery | Jquery | 2.2.2 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| https://gist.github.com/CyberSecurityUP/26c5b032897630fe8407da4a8ef216d4 | MISC | https://gist.github.com/CyberSecurityUP/26c5b032897630fe8407da4a8ef216d4 | |
| https://gitter.im/jquery/jquery?at=5ea844a05cd4fe50a3d7ddc9 | MISC | https://gitter.im/jquery/jquery?at=5ea844a05cd4fe50a3d7ddc9 | |
| FEDORA-2020-11be4b36d4 | FEDORA | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/ | |
| https://twitter.com/DanielRufde/status/1255185961866145792 | MISC | https://twitter.com/DanielRufde/status/1255185961866145792 | |