Kayran has detected that the version of jQuery UI being used is vulnerable to cross-site scripting.
By accepting the value of the ” altField” option of the Datepicker widget from untrusted sources, untrusted codes may be executed.
An attacker could abuse this to insert and execute commands for his own purposes.
To fix this, update the jQuery UI version being used to 1.13.0 or higher.
As of now, any string value passed to the ” altField” option is now being treated as a CSS selector.
Another option is to not accept the value of the ” altField” option from any untrusted sources.