Kayran has detected that the version of the jquery-migrate package you use is vulnerable to Cross-site Scripting (XSS) attacks. The jquery-migrate package used code from an older jQuery library that contains a vulnerable function called location.hash().
This function is being used to select elements on your page.
Cross-site scripting vulnerabilities usually allow an attacker to impersonate as a victim user.
The malicious link executes the attacker’s chosen code on the user’s system which could allow the attacker to steal the user’s active session cookie for example.
This vulnerability allows attackers to inject malicious scripts into the pages in question.
Upgrade the version of the jquery-migrate you use.
Make sure you upgrade to version 1.2.1 or higher.