Cross-Site Scripting Vulnerability in jQuery by jQuery Foundation
CVE-2018-18405

6.1MEDIUM

Key Information:

Vendor

Jquery

Status
Jquery
Vendor
CVE Published:
22 April 2020

What is CVE-2018-18405?

A vulnerability in jQuery v2.2.2 allows attackers to exploit an XSS flaw via a maliciously crafted 'onerror' attribute within an IMG element. This can potentially enable attackers to execute arbitrary scripts in the context of an affected user's browser session, leading to data theft or further exploitation of the web application. It is critical for developers and web administrators to apply security best practices and ensure that jQuery is updated to mitigate this issue.

References

https://gist.github.com/CyberSecurityUP/26c5b032897630fe8...
x_refsource_MISC
https://twitter.com/DanielRufde/status/1255185961866145792
x_refsource_MISC
https://gitter.im/jquery/jquery?at=5ea844a05cd4fe50a3d7ddc9
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.