Previously posted under General Support here https://www.nopcommerce.com/boards/t/51288/jquery-1102-vulnerability-in-nop-36.aspx.
PCI compliance scan picked up jQuery vulnerabilities:
vulnerable jQuery version: 1.10.2
Details: Two vulnerabilities fixed in jQuery 3.0.0
CVE 2015-9251
CVE 2016-10707
This was with Nop 3.6, but Nop 4.0 also appears to use same old jQuery.
Please upgrade Nop to jQuery 3.