See: http://retire.insecurity.today/#!/scan/61878bc0db124584d27f264afedf9c0a106384a794370bf59be90b61565c1e2d
3 vulnerabilities detected.

But the XSS-vulnerable js code is not there, it is here: -https://www.ziggo.nl/etc/designs/upc-generic/js/selfxsswarning.min.f0a10c616431751770613c4b6618fce4.js

See: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fwww.ziggo.nl%2Fetc%2Fdesigns%2Fupc-generic%2Fjs%2Fselfxsswarning.min.f0a10c616431751770613c4b6618fce4.js

It is on that provider page: http://www77.tium.co/assn.nl

Is it a security risk? Code is same-origin → https://sritest.io/#report/06443248-16d5-4e1c-9fd2-8ec7df34d995

undefined variable jQuery and undefined function jQuery

polonus (volunteer website security analyst and website error-hunter)