Cleansed from a hack, website still with vulnerability...

I get a 500 internal server error on the page source.
The right code here loading second time: view-source:-http://herbal-toko.com/home
See: -https://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Fherbal-toko.com%2Fhome&ref_sel=GSP2&ua_sel=ff&fs=1

Re: http://killmalware.com/herbal-toko.com/
Detected libraries:
jquery - 1.4 : -http://herbal-toko.com/jquery-1.4.js
Info: Severity: medium
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
jquery - 1.4.2 : (active1) -http://herbal-toko.com/home
Info: Severity: medium
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code
2 vulnerable libraries detected

ucapan.js with vuln.: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fherbal-toko.com

F-F-C-F-X-status: https://observatory.mozilla.org/analyze.html?host=herbal-toko.com

B-Status: https://sritest.io/#report/9d745911-353d-498c-8ce5-a3eac64264d7

Insecure IDs tracking: 00% of the trackers on this site could be protecting you from NSA snooping. Tell -herbal-toko.com to fix it.

Identifiers | All Trackers
Insecure Identifiers
Unique IDs about your web browsing habits have been insecurely sent to third parties.

2b0b2fbe3ff0c7d86XXXXX1c529c85e3 -herbal-toko.com phpsessid

Checked: -http://herbal-toko.com/ucapan.js
errors

found JavaScript
error: line:11: SyntaxError: missing ; before statement:
error: line:11: Assalamu<span id="neonl
error: line:11: .^
extra parenthesis found - assignment looking for a semi-colon - StackOverflow info credits go to: Chaos Pandion
It is highly recommended that all such javascript should be compressed.

polonus