Author: polonus (Avast Überevangelist)
Script insecurity here?
« on: April 03, 2017, 06:23:00 PM »
We started from: http://urlquery.net/report.php?id=1491233976210

See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fvidbitfuture.co
On the script therein:
Quote
wXw.gstatic.com/hosted/modernizr/v2_8_3/basic.js benign
[nothing detected] (script) wXw.gstatic.com/hosted/modernizr/v2_8_3/basic.js
     status: (referer=www.google-analytics.com/)saved 8187 bytes 0ef7cec9e2183ac29794ced1f32551197dcd006f
     info: [decodingLevel=0] found JavaScript
     error: undefined variable j
     suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
* undefined variable j going back to -http://vidbitfuture.co/recoverpass.php
and affecting open stream for -http://vidbitfuture.co/js/video_queue.js
with a hidden download and the following error
Quote
found JavaScript
     error: undefined variable $
     error: undefined function $

Retirable code: -http://vidbitfuture.co
Detected libraries:
jquery - 1.11.0 : (active1) -http://vidbitfuture.co/js/jquery-1.11.0.min.js
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code
1 vulnerable library detected

F-F-X insecurity status: https://observatory.mozilla.org/analyze.html?host=vidbitfuture.co

B-status with two script issues: https://sritest.io/#report/43bbfb62-8623-43bf-98ea-8a88d9aff972

Site is neither malicious nor suspicious, but could do with some security mitigation for the issues set out here.  ;)

Consider also: https://urlscan.io/result/b104ec95-5612-4045-a115-236060f3e40e#summary

polonus (volunteer website security analyst and website error-hunter)

P.S. Would be interesting to check that recoverpass.php using http://www.dvwa.co.uk/

D
« Last Edit: April 03, 2017, 07:01:30 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!