Apparently fixed for this: https://tracker.moodle.org/browse/MDL-44929
for this script, where they give no vulnerabilities found: -http://www.klasse-uk.com/
Detected libraries:
YUI - 3.17.2 : -http://static.squarespace.com/universal/scripts-compressed/common-e9b45073be59844f5f44-min.js

See issues: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fstatic.squarespace.com%2Funiversal%2Fscripts-compressed%2Fcommon-e9b45073be59844f5f44-min.js (227 sources and 82 sinks).

Same origin offences: https://sritest.io/#report/ee19e93b-71d6-4f95-b0d6-da17477e631d

Errors in script

found JavaScript
error: undefined variable YUI
error: undefined variable YUI_CONFIG
error: undefined function YUI
error: line:3: SyntaxError: missing = in XML attribute:
error: line:3:
error: line:3: …^
info: [script] -static.squarespace.com/universal/scripts-compressed/
info: [embed] -static.squarespace.com/universal/scripts-compressed/
info: [img] -static.squarespace.com/universal/scripts-compressed/
info: [decodingLevel=0] found JavaScript
suspicious: maxruntime exceeded 10 seconds (incomplete)
undefined variable a

an uninitialized variable is problematic…
For site.js we get

found JavaScript
error: undefined variable Y
error: undefined function Y.use

output error…

polonus