Description
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (e.g. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
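A check for the affected range stated above, for use when auditing which jQuery copies an application ships. This is an added example, not code from jQuery or from this advisory; the function names and sample strings are constructed for illustration, and in a browser the input would be the value of `jQuery.fn.jquery`.

```javascript
// Range from the description: >= 1.2 and < 3.5.0.
const FIRST_AFFECTED = [1, 2, 0];
const FIRST_FIXED = [3, 5, 0];

// Parse "3.4.1", "1.2", "3.5.0-rc.1", or a slim-build string such as
// "3.4.1 -ajax,-effects" into numeric parts plus a pre-release flag.
function parseVersion(raw) {
  const m = /^\s*v?(\d+)\.(\d+)(?:\.(\d+))?(-[0-9A-Za-z.]+)?/.exec(String(raw));
  if (!m) return null;
  return {
    nums: [Number(m[1]), Number(m[2]), Number(m[3] || 0)],
    pre: Boolean(m[4]),
  };
}

// Numeric comparison, so "1.12.4" sorts after "1.2" (string compare would not).
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// true = in the affected range, false = outside it, null = could not parse.
function isAffected(raw) {
  const v = parseVersion(raw);
  if (!v) return null;
  if (compare(v.nums, FIRST_AFFECTED) < 0) return false;
  const c = compare(v.nums, FIRST_FIXED);
  // Assumption: a pre-release of 3.5.0 sorts before 3.5.0 (semver ordering),
  // so it is reported as affected.
  return c < 0 || (c === 0 && v.pre);
}

// Pull the version out of the banner comment at the top of a jQuery file.
function bannerVersion(source) {
  const m = /jQuery (?:JavaScript Library )?v?(\d+\.\d+(?:\.\d+)?(?:-[0-9A-Za-z.]+)?)/
    .exec(source);
  return m ? m[1] : null;
}

// Constructed sample inputs.
const samples = ["1.1.4", "1.2", "1.12.4", "3.4.1 -ajax,-effects", "3.5.0", "unknown"];
for (const s of samples) {
  console.log(s.padEnd(22), isAffected(s));
}
```

A `null` result means the version could not be read and the file needs manual review.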
Remediation
References