ManinderSingh03
Copper Contributor
Sep 12, 2025

VAPT issue raised for CKEditor 4.13.0 Cross-Site Scripting

URL to JS file: https://testsite.com/_layouts/15/16.0.18526.20508/next/spclient/43.sp-canvas-sp-ckeditor-flight.js

 

Associating Common Weakness Enumeration (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE 79)

 

Evidence(s)

 

 

Steps to derive Evidence(s)

1.     Request to CKEditor File

2.     Response indicating the version

 

Recommendation(s)

Upgrade CKEditor to the latest version 4.25.1-lts for extended support on the package.

 

As this JS file is a part of SharePoint itself, we cannot upgrade it explicitly. Can anyone share the mitigation or plan to get it fixed except until Microsoft releases an update for the same?

 
