CWE 201: window.open [closed]

Getting veracode scan vulnerbility as CWE 201 in window.open Javascript code

const win = window.open(${endpoint}${consultID}-${officeID}&redirect_uri=${homepage_url},"_blank", "width=600,height=560,scrollbars=yes,toolbar=no,menubar=no,resizable=yes")

how to run this code without getting vulnerability in veracode scan?