WebForms script functions tagged as embedding untrusted data or making unsafe object assignment

I did a security scan on an app that uses webforms. I found 10 security-related issues in several javascript files. I have not modified these scripts in any way. Can these issues be considered false positives? Most of the issues raised by the security report are "function embeds untrusted data in the generated output" and "an unsafe object assignment occurred". Here is a list of the javascript files from CDN:

https://ajax.aspnetcdn.com/ajax/4.5.1/1/SmartNav.js

https://ajax.aspnetcdn.com/ajax/4.5.1/1/WebParts.js

https://ajax.aspnetcdn.com/ajax/4.5.1/1/MicrosoftAjaxHistory.js

https://ajax.aspnetcdn.com/ajax/4.5.1/1/MicrosoftAjax.js

And I do see these files being referenced in Bundle.Config.cs. Here are the ten issues from the security report. These are marked as "High" risk:

[1] The application's function embeds untrusted data in the generated output with href, at line 34 of \Scripts\WebForms\SmartNav.js. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.

[2] The application's WebPartManager_InitiateWebPartDragDrop embeds untrusted data in the generated output with appendChild, at line 453 of \Scripts\WebForms\WebParts.js. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.

[3] The application's function embeds untrusted data in the generated output with write, at line 230 of \Scripts\WebForms\MSAjax\MicrosoftAjaxHistory.js. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.

[4] The application's function embeds untrusted data in the generated output with write, at line 3411 of \Scripts\WebForms\MSAjax\MicrosoftAjax.js. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.

[5] The application's function embeds untrusted data in the generated output with write, at line 230 of \Scripts\WebForms\MSAjax\MicrosoftAjaxHistory.js. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.

[6] The application's function embeds untrusted data in the generated output with write, at line 3411 of \Scripts\WebForms\MSAjax\MicrosoftAjax.js. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.

[7] An unsafe object assignment occurred in \Scripts\WebForms\MSAjax\MicrosoftAjaxHistory.js at line 100. Assigning external properties without validation may allow object properties pollution and affect application's normal behavior.

[8] An unsafe object assignment occurred in \Scripts\WebForms\MSAjax\MicrosoftAjax.js at line 3281. Assigning external properties without validation may allow object properties pollution and affect application's normal behavior.

[9] An unsafe object assignment occurred in \Scripts\WebForms\MSAjax\MicrosoftAjaxHistory.js at line 100. Assigning external properties without validation may allow object properties pollution and affect application's normal behavior.

[10] An unsafe object assignment occurred in \Scripts\WebForms\MSAjax\MicrosoftAjax.js at line 3281. Assigning external properties without validation may allow object properties pollution and affect application's normal behavior.

I am hoping these javascript files are safe to use. Let me know what your thoughts are on these javascript security issues.

Thanks.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
