Cross-site Scripting (XSS) Affecting jquery package, versions *
Snyk CVSS
Attack Complexity
Low
User Interaction
Required
Scope
Changed
Threat Intelligence
EPSS
0.12% (45th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN8-JQUERY-570419
- published 26 May 2020
- disclosed 22 Apr 2020
Introduced: 22 Apr 2020
CVE-2018-18405 Open this link in a new tabHow to fix?
There is no fixed version for Debian:8 jquery.
NVD Description
Note: Versions mentioned in the description apply only to the upstream jquery package and not the jquery package as distributed by Debian.
See How to fix? for Debian:8 relevant fixed versions and status.
jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry
References
- https://security-tracker.debian.org/tracker/CVE-2018-18405
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/
- https://gist.github.com/CyberSecurityUP/26c5b032897630fe8407da4a8ef216d4
- https://gitter.im/jquery/jquery?at=5ea844a05cd4fe50a3d7ddc9
- https://twitter.com/DanielRufde/status/1255185961866145792
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/