Launchpad.net

CVE 2018-18405

** DISPUTED ** jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry.

See the CVE page on Mitre.org for more details.