Description
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Remediation
References
Related Vulnerabilities
WordPress Plugin Google Captcha (reCAPTCHA) by BestWebSoft Cross-Site Scripting (1.05)
Oracle Database Server CVE-2023-22077 Vulnerability (CVE-2023-22077)
D3.js Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-16044)
Moodle Improper Input Validation Vulnerability (CVE-2021-3943)
Apache Tomcat Improper Authentication Vulnerability (CVE-2013-2067)