This script is vulnerable and found on many a compromised website...

Re: -https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js
200 OK
Content-Length: 91342
Content-Type: text/javascript
clean
-https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js
Detected libraries:
jquery - 1.6.1 : -https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js
Info: Severity: medium
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
1 vulnerable library detected

DOM XSS issues: Results from scanning URL: -https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js
Number of sources found: 40
Number of sinks found: 19

Sizzle.js exploits: http://blog.9bplus.com/if-i-were-an-attacker-third-party-js-librarie/
https://oscarotero.com/embed/demo/index.php?url=https%3A%2F%2Fajax.googleapis.com%2Fajax%2Flibs%2Fjquery%2F1.6.1%2Fjquery.min.js+&options[minImageWidth]=0&options[minImageHeight]=0&options[facebookAccessToken]=&options[embedlyKey]=&options[soundcloudClientId]=YOUR_CLIENT_ID&options[oembedParameters]=
Makes some shellcode attacks possible…

polonus (volunteer website security analyst and website error-hunter)

Script has malware -

CAPTCHA_URL: “-https://coinhive.com/captcha/”,
MINER_URL: “-https://coinhive.com/media/miner.html”,
AUTH_URL: “-https://authedmine.com/authenticate.html
};
CoinHive.CRYPTONIGHT_WORKER_BLOB = CoinHive.Res(" self.WASM_BINARY_INLINE= etc. etc.

A recent example where we again mee retirable jQuery library, /*! * jQuery JavaScript Library v1.9.1 * -http://jquery.com/ * * Includes Sizzle.js * http://sizzlejs.com/ * *
This was scanned here: https://urlscan.io/result/d5c55ef0-42f7-4a79-b153-5e484489222d/ (manual scan, but not by me, pol).
Mentioned as a detected library here: https://retire.insecurity.today/#!/scan/71d48d00438240df1127507f6c8a2416a5de502d9f40b4be67592fa270cc6ffb
with a discussion on the found threat here: https://github.com/jquery/jquery/issues/2432
error

restaurantzumkloster.com/js/jquery-1.9.1.js
status: (referer=saved 538519 bytes 366fd693b9b733ce6b2bcd5992f61db8150d2adb
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [decodingLevel=0] found JavaScript
error: line:10249: SyntaxError: unterminated string literal:
error: line:10249: bort,"enlargeMemory":enlargeMemory,"getTotalMemory":getTotalMemory,"abortOnC
error: line:10249: ^
file: 366fd693b9b733ce6b2bcd5992f61db8150d2adb: 538519 bytes

DOM XSS Scan Results
Results from scanning URL: -http://restaurantzumkloster.com/js/jquery-1.9.1.js
Number of sources found: 120
Number of sinks found: 105

Another issue → It looks like a cookie is being set without the “HttpOnly” flag being set (name : value):

PHPSESSID : 97e4d17a9f9b66050886588776b05544
Unless the cookie legitimately needs to be read by JavaScript on the client, the “HttpOnly” flag should always be set to ensure it cannot be read by the client and used in an XSS attack.

The address you entered is unnecessarily exposing the following response headers which divulge its choice of web platform:

Excessive server info proliferation found.
Server: Apache
X-Powered-By: PHP/7.1.16
Configuring the application to not return unnecessary headers keeps this information silent and makes it significantly more difficult to identify the underlying frameworks.

polonus (volunteer website security analyst and website error-hunter)