Scriptaculous is listed with the Javascript Hacking vulnerability in the following site: [http://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2384]
Does any know if this has been resolved since the article was posted in 2008?
I think the vulnerability of Scriptaculous was due to Prototype js 1.6. https://security-tracker.debian.org/tracker/CVE-2007-2383 If u want to use scriptaculous without vulnerability u have to replace the prototype js file in the scriptaculos with the latest prototype js version. The latest today I think is 1.7.3