CVE-2018-18405 - OpenCVE

jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Jquery	Jquery

Configuration 1 [-]

cpe:2.3:a:jquery:jquery:2.2.2:*:*:*:*:*:*:*

References

Link	Resource
https://gist.github.com/CyberSecurityUP/26c5b032897630fe8407da4a8ef216d4
https://gitter.im/jquery/jquery?at=5ea844a05cd4fe50a3d7ddc9
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/
https://twitter.com/DanielRufde/status/1255185961866145792

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-04-22T17:56:57

Updated: 2024-06-11T18:00:55.506Z

Reserved: 2018-10-16T00:00:00

Link: CVE-2018-18405

JSON object: View

NVD Information

Status : Modified

Published: 2020-04-22T18:15:10.990

Modified: 2024-06-11T18:15:11.780

Link: CVE-2018-18405

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-05-31T05:06:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://gist.github.com/CyberSecurityUP/26c5b032897630fe8407da4a8ef216d4"}, {"tags": ["x_refsource_MISC"], "url": "https://twitter.com/DanielRufde/status/1255185961866145792"}, {"tags": ["x_refsource_MISC"], "url": "https://gitter.im/jquery/jquery?at=5ea844a05cd4fe50a3d7ddc9"}, {"name": "FEDORA-2020-11be4b36d4", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18405", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://gist.github.com/CyberSecurityUP/26c5b032897630fe8407da4a8ef216d4", "refsource": "MISC", "url": "https://gist.github.com/CyberSecurityUP/26c5b032897630fe8407da4a8ef216d4"}, {"name": "https://twitter.com/DanielRufde/status/1255185961866145792", "refsource": "MISC", "url": "https://twitter.com/DanielRufde/status/1255185961866145792"}, {"name": "https://gitter.im/jquery/jquery?at=5ea844a05cd4fe50a3d7ddc9", "refsource": "MISC", "url": "https://gitter.im/jquery/jquery?at=5ea844a05cd4fe50a3d7ddc9"}, {"name": "FEDORA-2020-11be4b36d4", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/"}]}}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-11T18:00:46.369243Z", "id": "CVE-2018-18405", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T18:00:55.506Z"}}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-18405", "datePublished": "2020-04-22T17:56:57", "dateReserved": "2018-10-16T00:00:00", "dateUpdated": "2024-06-11T18:00:55.506Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jquery:jquery:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "32144AB5-764F-43D5-8BDA-4F386884B9D1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry"}, {"lang": "es", "value": "** EN DISPUTA ** jQuery v2.2.2 permite XSS a trav\u00e9s de un atributo de error dise\u00f1ado de un elemento IMG. NOTA: se ha informado que esta vulnerabilidad es una entrada de spam."}], "id": "CVE-2018-18405", "lastModified": "2024-06-11T18:15:11.780", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-22T18:15:10.990", "references": [{"source": "cve@mitre.org", "url": "https://gist.github.com/CyberSecurityUP/26c5b032897630fe8407da4a8ef216d4"}, {"source": "cve@mitre.org", "url": "https://gitter.im/jquery/jquery?at=5ea844a05cd4fe50a3d7ddc9"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/"}, {"source": "cve@mitre.org", "url": "https://twitter.com/DanielRufde/status/1255185961866145792"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}