Cross-site Scripting (XSS) - CVE-2020-11023 #50

@alfattal

Description

The jQuery version under the dependencies section in the package.json file is set to ">=1.6". Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery’s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code.

Remediation

Update jquery to version 3.5.0 or higher ">=3.5".
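The range check behind this report, as an added example that is not part of the original issue or the project's code: it reads a package.json and reports whether the declared jquery range still admits releases below 3.5.0. The function names and the two sample manifests are constructed for illustration, and only simple range forms are interpreted; anything else is marked for manual review.

```javascript
// Added example: flag jquery dependency ranges that still admit releases below 3.5.0.
const FIXED = [3, 5, 0]; // first fixed release, taken from the remediation in this issue

// Parse "1.6", "3.5.0" or "v3.5" into [major, minor, patch]; missing parts become 0.
function parseVersion(text) {
  const m = /^v?(\d+)(?:\.(\d+))?(?:\.(\d+))?/.exec(text.trim());
  return m ? [1, 2, 3].map((i) => Number(m[i] || 0)) : null;
}

// Three-way comparison of two [major, minor, patch] triples.
function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Lowest version a simple range accepts. Understands ">=x", "^x", "~x", "=x" and
// bare versions, joined by "||". Pre-release tags are ignored (simplification).
// Returns null for forms it cannot bound from below ("*", "<x", ">x", tags).
function lowestAllowed(range) {
  const floors = String(range).split("||").map((part) => {
    const m = /^\s*(>=|\^|~|=)?\s*(v?\d[\d.]*)/.exec(part);
    return m ? parseVersion(m[2]) : null;
  });
  if (floors.includes(null)) return null;
  return floors.sort(compare)[0];
}

// Check every dependency section that can declare jquery.
function auditJquery(pkgJsonText) {
  const pkg = JSON.parse(pkgJsonText);
  const findings = [];
  for (const section of ["dependencies", "devDependencies", "peerDependencies"]) {
    const range = (pkg[section] || {}).jquery;
    if (range === undefined) continue;
    const floor = lowestAllowed(range);
    const status = floor === null ? "review"
      : compare(floor, FIXED) < 0 ? "vulnerable-allowed" : "ok";
    findings.push({ section, range, status });
  }
  return findings;
}

// Constructed sample manifests: the range reported in this issue and the remediated one.
const before = '{"name":"example-plugin","dependencies":{"jquery":">=1.6"}}';
const after = '{"name":"example-plugin","dependencies":{"jquery":">=3.5"}}';
console.log(auditJquery(before), auditJquery(after));
```

The declared range only states what may be installed; the version actually resolved is recorded in the lockfile, so check that as well.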
