Website insecurity and undefined variable document error in jQuery code...

See, 13 unsafe items here: https://sritest.io/#report/af4eb130-506d-4338-a378-8f3a9af68bd3
F-E-X-status here: https://observatory.mozilla.org/analyze.html?host=www.ucsc.edu
Exposing name server’s versions may be risky, when a new vulnerability is found your name servers may be automatically exploited by script kiddies until you patch the system: http://www.dnsinspect.com/ucsc.edu/1482060736
with vulnerabilities, e.g. https://vuldb.com/?id.77551 & Redhat Open Resolver Project Besame Mucho Bind ISC DNS cookie vuln.

Vulnerable jQuery library detected: http://retire.insecurity.today/#!/scan/f7e3759426bb431fc5673c8f3b7ed2fc475edd085ffdbda36381af515e5316f0
DOM-XSS vuln.: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fstatic.ucsc.edu%2F_responsive%2Flib%2Fjquery%2Fdist%2Fjquery.js
error detected

undefined variable document
Remove the var part and it will be OK.
Info credits go to StackOverflow’s Gaby.

polonus (volunteer website security analyst and website error-hunter)