A vulnerability was found in jQuery v2.2.2. XSS is possible via a crafted onerror attribute of an IMG element.
Created drupal7 tracking bugs for this issue: Affects: epel-all [bug 1837518] Affects: fedora-all [bug 1837516] Created js-jquery tracking bugs for this issue: Affects: epel-7 [bug 1837509] Affects: fedora-all [bug 1837520] Created js-jquery1 tracking bugs for this issue: Affects: epel-7 [bug 1837507] Affects: fedora-all [bug 1837514] Created js-jquery2 tracking bugs for this issue: Affects: fedora-all [bug 1837521] Created python-XStatic-jQuery tracking bugs for this issue: Affects: epel-7 [bug 1837510] Affects: fedora-all [bug 1837523] Affects: openstack-rdo [bug 1837513] Created python-XStatic-jquery-ui tracking bugs for this issue: Affects: epel-7 [bug 1837508] Affects: fedora-all [bug 1837522] Affects: openstack-rdo [bug 1837515] Created python-tw-jquery tracking bugs for this issue: Affects: epel-6 [bug 1837519] Created python-tw2-jquery tracking bugs for this issue: Affects: epel-6 [bug 1837527] Affects: epel-7 [bug 1837511] Affects: fedora-all [bug 1837525] Created rubygem-jquery-rails tracking bugs for this issue: Affects: fedora-all [bug 1837524] Created rubygem-jquery-ui-rails tracking bugs for this issue: Affects: fedora-all [bug 1837526]
Statement: Red Hat Product Security does not consider this to be a vulnerability. This CVE appears to be a spam entry.
All dependent bugs have been closed... please close this bug
In reply to comment #19: > All dependent bugs have been closed... please close this bug Closing, MITRE now shows disputed reflecting our statement: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18405