VulnerableCode Package Details - pkg:nuget/jQuery@1.0.3

Search for packages

Vulnerability	Summary	Fixed by
VCID-8mpx-4ueh-qqfv Aliases: CVE-2020-23064 GHSA-257q-pv89-v3xv	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the <options> element.	3.5.0 Affected by 0 other vulnerabilities.
VCID-cvxp-ctj9-guej Aliases: CVE-2020-11023 GHSA-jpcq-cgw6-v4j6	Potential XSS vulnerability in jQuery ### Impact Passing HTML containing `<option>` elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may execute untrusted code. ### Patches This problem is patched in jQuery 3.5.0. ### Workarounds To workaround this issue without upgrading, use [DOMPurify](https://github.com/cure53/DOMPurify) with its `SAFE_FOR_JQUERY` option to sanitize the HTML string before passing it to a jQuery method. ### References https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ ### For more information If you have any questions or comments about this advisory, search for a relevant issue in [the jQuery repo](https://github.com/jquery/jquery/issues). If you don't find an answer, open a new issue.	3.5.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-8mpx-4ueh-qqfv
Aliases:
CVE-2020-23064
GHSA-257q-pv89-v3xv

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the <options> element.

3.5.0
Affected by 0 other vulnerabilities.

VCID-cvxp-ctj9-guej
Aliases:
CVE-2020-11023
GHSA-jpcq-cgw6-v4j6

Potential XSS vulnerability in jQuery ### Impact Passing HTML containing `<option>` elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may execute untrusted code. ### Patches This problem is patched in jQuery 3.5.0. ### Workarounds To workaround this issue without upgrading, use [DOMPurify](https://github.com/cure53/DOMPurify) with its `SAFE_FOR_JQUERY` option to sanitize the HTML string before passing it to a jQuery method. ### References https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ ### For more information If you have any questions or comments about this advisory, search for a relevant issue in [the jQuery repo](https://github.com/jquery/jquery/issues). If you don't find an answer, open a new issue.

3.5.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-02T16:59:46.813741+00:00	GHSA Importer	Affected by	VCID-8mpx-4ueh-qqfv	https://github.com/advisories/GHSA-257q-pv89-v3xv	38.1.0
2026-04-02T12:36:40.047031+00:00	GitLab Importer	Affected by	VCID-cvxp-ctj9-guej	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/jQuery/CVE-2020-11023.yml	38.0.0
2026-04-01T15:58:05.984649+00:00	GHSA Importer	Affected by	VCID-cvxp-ctj9-guej	https://github.com/advisories/GHSA-jpcq-cgw6-v4j6	38.0.0
2026-04-01T12:51:28.502363+00:00	GitLab Importer	Affected by	VCID-8mpx-4ueh-qqfv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/jQuery/CVE-2020-23064.yml	38.0.0