JQuery Migrate Cross-site Scripting (XSS) Vulnerability
Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The jquery-migrate package used code from an older jquery library that contained the vulnerable location.hash() function. It was used to select elements but also allows remote attackers to inject script into the page.