Description
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources, even after sanitizing it, to one of jQuery's DOM manipulation methods (such as .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
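A way to check an asset inventory against the affected range stated above, as an added example that is not part of the original advisory or of jQuery itself. The helper names and the sample inventory are constructed; the version strings are assumed to come from each page's `jQuery.fn.jquery` value.

```javascript
// Added example: helper names and the inventory below are constructed.
const AFFECTED_FROM = [1, 0, 3]; // inclusive lower bound from the description
const FIXED_IN = [3, 5, 0];      // first patched release from the description

// Compare two [major, minor, patch] triples: negative, zero or positive.
function compareTriples(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// Classify a version string such as the value of jQuery.fn.jquery.
// Returns "affected", "not-affected", "review" or "unknown".
function classifyJQueryVersion(raw) {
  const m = /^(\d+)\.(\d+)(?:\.(\d+))?(-[0-9A-Za-z.]+)?/.exec(String(raw).trim());
  if (!m) return "unknown";
  const triple = [Number(m[1]), Number(m[2]), Number(m[3] || 0)];
  // A pre-release of the fixed version (e.g. "3.5.0-rc.1") is not covered by
  // the description, so flag it for manual review instead of guessing.
  if (m[4] && compareTriples(triple, FIXED_IN) === 0) return "review";
  const inRange = compareTriples(triple, AFFECTED_FROM) >= 0 &&
                  compareTriples(triple, FIXED_IN) < 0;
  return inRange ? "affected" : "not-affected";
}

// Reduce an asset inventory to the entries that need action.
function findingsFor(inventory) {
  return inventory
    .map((e) => ({ ...e, status: classifyJQueryVersion(e.version) }))
    .filter((e) => e.status !== "not-affected");
}

// Constructed inventory: page path plus the version string it reported.
const sampleInventory = [
  { page: "/checkout", version: "1.12.4" },
  { page: "/blog", version: "3.4.1 -ajax,-effects" }, // custom-build suffix
  { page: "/admin", version: "3.5.0" },
  { page: "/legacy", version: "1.0.2" },
  { page: "/beta", version: "3.5.0-rc.1" },
  { page: "/cdn", version: "custom-build" },
];

console.log(findingsFor(sampleInventory));
```

Entries reported as "review" or "unknown" need a manual look at the shipped file, since the version string alone does not settle them.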
Remediation
References