Relatively simple fix for this if you are comfortable modifying a core file;
The snippet https://github.com/j...mment-403761229here can be added to the template file design/themes/responsive/templates/common/scripts.tpl just after the inclusion of jquery.
This allowed me to file a dispute with my ASV against the scan result, showing that I had patched the vulnerability.
I have got fixed this issue by our website guru but after I disputed it trustwave denied it :-( so any idea or we will need separate with cscart ? :-) Ridiculous is they do not have a f paypal iframe :-( and the best everyone silent from cscart stuff
Ok I am not going to cry but going to find what to do as next step