comments (not for humans)
After scanning Norway I decided to scan the Alexa top 100,000 sites. Summarized over 60% are using JavaScript libraries with known vulnerabilities. Which means they will have problems with OWASP Top 10 2013-A9 Using Components with Known Vulnerabilities. I would like to stress though, that using a library with a known vulnerability, does not necessarily mean the site is vulnerable, because the vulnerable code may not be used.

Overall results

  • Top 1,000 - 551 - 55,1% using libraries with known vulnerabilities
  • Top 10,000 - 6,185 - 61,85% using libraries with known vulnerabilities
  • Top 100,000 - 60,866 - 60,866% using libraries with known vulnerabilities



jQuery is a very widely used library. I was surprised however to find so many different and old versions in use

jQuery UI

Loads of different versions


Betas and release candidates in use here


The Yahoo User Interface Library is also quite widely used


Quite a number of versions in use


comments powered by Disqus