Description
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML that contains <option> elements from untrusted sources to one of jQuery's DOM manipulation methods (.html(), .append(), and others) may execute untrusted code, even if the HTML was sanitized first. This problem is patched in jQuery 3.5.0.
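The affected range above can be checked against the jQuery files a site ships. The following is an added example, not part of the original advisory or of jQuery itself; the function names are hypothetical, the banner string is a constructed sample, and treating a pre-release of 3.5.0 as still affected is an assumption.

```javascript
// Added example, not part of the original advisory.
// Bounds come from the description: affected is >= 1.0.3 and < 3.5.0.
const AFFECTED_FROM = [1, 0, 3];
const FIXED_IN = [3, 5, 0];

const VERSION_RE = /^(\d+)\.(\d+)(?:\.(\d+))?([-a-z][0-9A-Za-z.-]*)?$/;
const BANNER_RE = /jQuery (?:JavaScript Library )?v(\d+\.\d+(?:\.\d+)?(?:[-a-z][0-9A-Za-z.-]*)?)/;

// Pull the version out of the license banner at the top of a jQuery file.
function extractVersion(source) {
  const m = BANNER_RE.exec(source);
  return m ? m[1] : null;
}

// Split "3.4.1" or "3.5.0-rc.1" into numeric parts plus a pre-release flag.
function parseVersion(text) {
  const m = VERSION_RE.exec(String(text).trim());
  if (!m) return null;
  return { parts: [Number(m[1]), Number(m[2]), Number(m[3] || 0)], pre: Boolean(m[4]) };
}

function compareParts(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// true = in the affected range, false = outside it, null = version not recognised.
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return null;
  const low = compareParts(v.parts, AFFECTED_FROM);
  const high = compareParts(v.parts, FIXED_IN);
  // Assumption: a pre-release of X sorts before X, so 3.5.0-rc.1 is still flagged.
  const atOrAboveLower = low > 0 || (low === 0 && !v.pre);
  const belowFix = high < 0 || (high === 0 && v.pre);
  return atOrAboveLower && belowFix;
}

// Constructed sample: first line of a minified jQuery file.
const sample = "/*! jQuery v3.4.1 | (c) JS Foundation and other contributors | jquery.org/license */";
console.log(extractVersion(sample), isAffected(extractVersion(sample)));
```

On a loaded page the same check can be fed the string in jQuery.fn.jquery instead of a file banner.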
Remediation
References