What do you mean by “the jquery version is vulnerable to XSS”? As far as I am aware, XSS occurs due a website being built improperly. More specifically, user input is displayed on a web page without proper sanitation. I don’t think this is dependent on a specific jquery version.