Description
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
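The affected range stated above (1.0.3 up to, but not including, 3.5.0) can be checked against the jQuery files a site actually ships. The following is an added example, not code from the jQuery project or from this advisory; the function names and the sample banners are constructed for illustration, and treating a 3.5.0 pre-release as still affected is an assumption made to stay conservative.

```javascript
// Added example: flag jQuery builds in the affected range 1.0.3 <= v < 3.5.0.

// Pull the version out of a jQuery file banner (minified or unminified form).
function extractJqueryVersion(source) {
  const re = /jQuery (?:JavaScript Library )?v?(\d+\.\d+(?:\.\d+)?(?:-[0-9A-Za-z.]+)?)/;
  const m = re.exec(source);
  return m ? m[1] : null;
}

// Parse "3.4.1" or "3.5.0-rc.1" into numeric parts plus a pre-release flag.
function parseVersion(v) {
  const [core, pre] = v.split("-", 2);
  const parts = core.split(".").map(Number);
  while (parts.length < 3) parts.push(0); // "1.4" is treated as 1.4.0
  return { parts, pre: pre !== undefined };
}

// Negative if a < b, zero if equal, positive if a > b.
// Assumption: a pre-release sorts before its final release.
function compareVersions(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x.parts[i] !== y.parts[i]) return x.parts[i] - y.parts[i];
  }
  return (y.pre ? 1 : 0) - (x.pre ? 1 : 0);
}

// Range taken from the description: >= 1.0.3 and before 3.5.0.
function isAffected(version) {
  return compareVersions(version, "1.0.3") >= 0 &&
         compareVersions(version, "3.5.0") < 0;
}

// Audit a list of { name, source } entries; version is null when no banner is found.
function auditSources(files) {
  return files.map(({ name, source }) => {
    const version = extractJqueryVersion(source);
    return { name, version, affected: version !== null && isAffected(version) };
  });
}

// Constructed sample inputs (file names and banner text are illustrative).
const samples = [
  { name: "vendor/jquery.min.js", source: "/*! jQuery v3.4.1 | (c) JS Foundation and other contributors | jquery.org/license */" },
  { name: "lib/jquery.js", source: "/*!\n * jQuery JavaScript Library v3.5.0\n */" },
  { name: "legacy/jquery.min.js", source: "/*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license */" },
  { name: "app.bundle.js", source: "/* app bundle */" },
];
console.log(auditSources(samples));
```

A file reported with a null version carries no recognisable banner (for example, a bundle that stripped comments) and needs manual inspection rather than being assumed safe.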
Remediation
References