I am using a licensed version of flexmonster. I carried out security scan at our end. And found out the following flaw in the js:
Cross-Site Scripting: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Attack Vector: jQueryResult.load
Could you please tell if this vulnerability is fixed in any version or this vulnerability is false as your code takes care of it by any way or Are there any security checks carried out at your end to ensure this vulnerability is mitigated.
Thank you for the question.
We have removed jQuery dependency starting at version 2.4 (Aug 2017).
The message contains
Attack Vector: jQueryResult.load so updating to the latest version (currently it is 2.7.2) should fix the issue.
Hope it helps.
BTW, could you please indicate your license owner’s company name (we need it for our internal records)?