Description
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources, even after sanitizing it, to one of jQuery's DOM manipulation methods (e.g. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
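To find deployments inside the affected range stated above, the following added example (not part of the original advisory or of jQuery itself) classifies script assets by the version found in the file banner or file name. The asset paths, banners and function names are constructed for illustration, and pre-release suffixes are ignored as a simplifying assumption.

```javascript
// Added example, not from the original page: inventory check for the affected
// range stated above (jQuery >= 1.2 and < 3.5.0).
const BANNER_RE = /jQuery (?:JavaScript Library )?v?(\d+(?:\.\d+){1,2})/;
const FILENAME_RE = /jquery[-.](\d+(?:\.\d+){1,2})\b/i;

// "1.2" -> [1, 2, 0]; pre-release suffixes are not captured (assumption).
function parseVersion(text) {
  const parts = text.split(".").map(Number);
  while (parts.length < 3) parts.push(0);
  return parts;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isAffected(versionText) {
  const v = parseVersion(versionText);
  return compareVersions(v, [1, 2, 0]) >= 0 && compareVersions(v, [3, 5, 0]) < 0;
}

// Prefer the banner (file content) over the file name, which can be renamed.
function extractVersion(asset) {
  const m = BANNER_RE.exec(asset.banner || "") || FILENAME_RE.exec(asset.url || "");
  return m ? m[1] : null;
}

function auditAssets(assets) {
  const report = { affected: [], ok: [], unknown: [] };
  for (const asset of assets) {
    const version = extractVersion(asset);
    if (version === null) report.unknown.push(asset.url);
    else (isAffected(version) ? report.affected : report.ok).push(`${asset.url} (${version})`);
  }
  return report;
}

// Constructed sample inventory (hypothetical paths and banners).
const SAMPLE_ASSETS = [
  { url: "/static/js/jquery-1.12.4.min.js", banner: "" },
  { url: "/static/js/jquery.min.js", banner: "/*! jQuery v3.4.1 | (c) JS Foundation and other contributors */" },
  { url: "/vendor/jquery-3.5.0.js", banner: "/*!\n * jQuery JavaScript Library v3.5.0\n" },
  { url: "/vendor/jquery-ui-1.12.1.js", banner: "/*! jQuery UI - v1.12.1 */" },
  { url: "/legacy/jq.js", banner: " * jQuery 1.1.4 - New Wave Javascript" },
];
console.log(auditAssets(SAMPLE_ASSETS));
```

Assets reported as unknown (here the jQuery UI file, which is a different library) need a manual look rather than being assumed safe.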
Remediation
References