CVSS v3: 6.9
- >= 4.4.0
Passing HTML containing <option> elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods (e.g. .append(), and others) may execute untrusted code.
To work around this issue without upgrading, use DOMPurify with its
SAFE_FOR_JQUERY option to sanitize the HTML string before passing it to a