Search for packages
| purl | pkg:nuget/jquery@1.11.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-5618-53yg-8qh4
Aliases: CVE-2020-11022 GHSA-gxr4-xjj5-5px2 |
Potential XSS vulnerability in jQuery ### Impact Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may execute untrusted code. ### Patches This problem is patched in jQuery 3.5.0. ### Workarounds To workaround the issue without upgrading, adding the following to your code: ```js jQuery.htmlPrefilter = function( html ) { return html; }; ``` You need to use at least jQuery 1.12/2.2 or newer to be able to apply this workaround. ### References https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://jquery.com/upgrade-guide/3.5/ ### For more information If you have any questions or comments about this advisory, search for a relevant issue in [the jQuery repo](https://github.com/jquery/jquery/issues). If you don't find an answer, open a new issue. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T01:32:30.098617+00:00 | GHSA Importer | Affected by | VCID-5618-53yg-8qh4 | https://github.com/advisories/GHSA-gxr4-xjj5-5px2 | 38.4.0 |
| 2026-04-11T13:01:49.019908+00:00 | GHSA Importer | Affected by | VCID-5618-53yg-8qh4 | https://github.com/advisories/GHSA-gxr4-xjj5-5px2 | 38.3.0 |
| 2026-04-02T13:53:48.336381+00:00 | GHSA Importer | Affected by | VCID-5618-53yg-8qh4 | https://github.com/advisories/GHSA-gxr4-xjj5-5px2 | 38.1.0 |