Closed
Description
Lightbox2 version 2.11.3 uses jQuery 3.4.1, which has two XSS vulnerabilities:
https://snyk.io/test/npm/jquery/3.4.1
This means that the https://github.com/lokesh/lightbox2/blob/dev/dist/js/lightbox-plus-jquery.min.js file contains the outdated library.
As a workaround, I downloaded the solution and used bower to pull in the latest jQuery, and hosted it myself instead of using the CDN.
No code changes are required; just putting out a new build that uses jQuery 3.6.0 would sort it.
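
The following check is an added example, not part of the original issue or the Lightbox2 project: it reports which jQuery release is embedded in a combined bundle such as `lightbox-plus-jquery.min.js` and whether it is older than a required minimum. It assumes the bundle still carries jQuery's banner comment; the function names, the default minimum of 3.6.0 (the version the issue asks for) and the sample bundle text are constructed for illustration.

```javascript
// Matches the banner of minified ("jQuery v3.4.1") and unminified
// ("jQuery JavaScript Library v3.4.1") jQuery builds.
const BANNER = /jQuery(?: JavaScript Library)? v(\d+)\.(\d+)\.(\d+)/g;

function parseVersion(text) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(text);
  if (!m) throw new Error(`not an x.y.z version: ${text}`);
  return m.slice(1).map(Number);
}

// Numeric, field-by-field comparison: a plain string compare would
// wrongly rank "3.10.0" below "3.6.0".
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Returns every embedded jQuery banner plus an overall status:
//   "outdated" - at least one copy is below the minimum
//   "current"  - all copies meet the minimum
//   "unknown"  - no banner found (stripped by a minifier?); not a pass
function auditBundle(source, minimum = "3.6.0") {
  const floor = parseVersion(minimum);
  const found = [];
  for (const m of source.matchAll(BANNER)) {
    const version = m.slice(1, 4).map(Number);
    found.push({
      version: version.join("."),
      offset: m.index,
      outdated: compareVersions(version, floor) < 0,
    });
  }
  let status = "unknown";
  if (found.length > 0) {
    status = found.some((f) => f.outdated) ? "outdated" : "current";
  }
  return { status, found };
}

// Constructed stand-in for the start of a combined bundle.
const SAMPLE_BUNDLE =
  "/*! jQuery v3.4.1 | (c) JS Foundation and other contributors | jquery.org/license */\n" +
  "!function(e,t){/* ...library body elided... */}(window);";

console.log(auditBundle(SAMPLE_BUNDLE));
```

Treat an `unknown` result as a prompt to inspect the file by hand, since a bundle with its banners stripped can still contain an old jQuery.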