CVE-2018-18405

jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element.
Source: NIST
CVE-2018-18405