fileClient DOM XSS\Path 2: 
Method && at line 4907 of webapp/src/main/webapp/media/lst-self-register-form/lst-self-register-form/lstself-register-form.core.pf.js gets user input for the location element. This element’s value then flows through client-side code without being properly sanitized or validated and is eventually displayed to the user in Promise at line 5151 of webapp/src/main/webapp/media/lst-self-register-form/lst-self-register-form/lst-self-registerform.core.pf.js.This may enable a DOM XSS attack.


Source
File: webapp/src/main/webapp/media/lst-self-register-form/lst-self-register-form/lst-self-register-form.core.pf.js

Line: 4935
Object: location 

Destination 
File: webapp/src/main/webapp/media/lst-self- register-form/lst-self-register-form/lst- self-register-form.core.pf.js
Line: 5153
Object: write 



(same as the first issue, but one under auto-generated folder) 
webapp/src/main/webapp/media/auto-generated-dist/lst-self-register-form/lst- self-register-form/lst-self-register-form.core.pf.js