The problem has been patched in posthog-js version 1.57.2.
Workarounds
This isn't an issue for sites that have a Content Security Policy in place.
Using the HTML tracking snippet on PostHog Cloud always guarantees the latest version of the library – in that case no action is required to upgrade to the patched version.
References
We will publish details of the vulnerability in 30 days as per our security policy.