{"id":"CVE-2018-18405","details":"jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry","modified":"2026-04-10T04:08:43.019753Z","published":"2020-04-22T18:15:10.990Z","references":[{"type":"WEB","url":"https://twitter.com/DanielRufde/status/1255185961866145792"},{"type":"WEB","url":"https://gist.github.com/CyberSecurityUP/26c5b032897630fe8407da4a8ef216d4"},{"type":"WEB","url":"https://gitter.im/jquery/jquery?at=5ea844a05cd4fe50a3d7ddc9"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jquery/jquery","events":[{"introduced":"0"},{"last_affected":"742610f10e071865fb56907027f9d62bc646562b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.2.2"}]}}],"versions":["1.0","1.0.1","1.0.2","1.0.3","1.0.4","1.0a","1.1","1.1.1","1.1.2","1.1.3","1.1.3.1","1.1.3a","1.1.4","1.1a","1.1b","1.2","1.2.1","1.2.2","1.2.2b","1.2.2b2","1.2.3a","1.2.3b","1.2.4","1.2.4a","1.2.4b","1.2.5","1.3.1rc1","1.3b1","1.3b2","1.3rc1","1.4.3rc1","1.4.3rc2","1.4.4rc1","1.4.4rc2","1.4.4rc3","1.4a1","1.4a2","1.4rc1","1.5.1rc1","1.5.2rc1","1.5b1","1.5rc1","1.6.1rc1","1.6.2rc1","1.6.3rc1","1.6.4rc1","1.6b1","1.6rc1","1.7.1rc1","1.7.2b1","1.7.2rc1","1.7b1","1.7b2","1.7rc1","1.8b1","1.8b2","1.8rc1","1.9.0b1","2.0.0-beta3","2.0.0b1","2.0.0b2","2.1.0-beta1","2.2.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-18405.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}