Description
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources, even after sanitizing it, to one of jQuery's DOM manipulation methods (e.g. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
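A version check for the affected range stated above, as an added example that is not part of the original advisory: it reads the jQuery version from a file banner or file name and flags anything at or above 1.2 and before 3.5.0. The function names and sample inputs are constructed for illustration, and counting 3.5.0 pre-releases as affected is an assumption.

```javascript
// Added example: flag jQuery copies in the affected range (>= 1.2, < 3.5.0).

// Pull a version string out of a jQuery banner comment or a file name / URL.
function extractJqueryVersion(text) {
  const patterns = [
    /jQuery (?:JavaScript Library )?v(\d+\.\d+(?:\.\d+)?(?:-[0-9A-Za-z.]+)?)/,
    /jquery[-.]v?(\d+\.\d+(?:\.\d+)?(?:-[0-9A-Za-z.]+?)?)(?:\.slim)?(?:\.min)?\.js/i,
  ];
  for (const re of patterns) {
    const m = re.exec(text);
    if (m) return m[1];
  }
  return null; // not recognisably jQuery core (e.g. jquery-ui)
}

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)(?:\.(\d+))?(-.+)?$/.exec(v);
  if (!m) return null;
  return { nums: [+m[1], +m[2], +(m[3] || 0)], pre: Boolean(m[4]) };
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// true = in affected range, false = outside it, null = unparseable.
function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return null;
  const low = cmp(p.nums, [1, 2, 0]);
  const high = cmp(p.nums, [3, 5, 0]);
  const atLeastLow = low > 0 || (low === 0 && !p.pre);
  // Assumption: a pre-release such as 3.5.0-rc.1 sorts before 3.5.0.
  const beforeFix = high < 0 || (high === 0 && p.pre);
  return atLeastLow && beforeFix;
}

// Audit a list of banners / script URLs (constructed sample data below).
function audit(sources) {
  return sources.map((source) => {
    const version = extractJqueryVersion(source);
    return { source, version, affected: version ? isAffected(version) : null };
  });
}

const SAMPLE_SOURCES = [
  "/*! jQuery v3.4.1 | (c) JS Foundation and other contributors | jquery.org/license */",
  "/static/js/jquery-1.12.4.min.js",
  "/static/js/jquery-3.5.0.slim.min.js",
  "/static/js/jquery-ui-1.12.1.min.js",
];
```

In a browser console, the running version is available as jQuery.fn.jquery and can be passed directly to isAffected().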
Remediation
References