comments (not for humans)
After working on retire.js I decided to take it for a real test run. I setup a node script with phantomjs and scanned the landing page of 150,000 Norwegian domains. These are the results. You will find that a lot of sites are using really old versions of libraries with known vulnerabilities (red means the library has known vulnerabilities). I think this supports the idea that most sites have the jQuery version that was available when the site was first made. Oh, and using a vulnerable library does not necessarily mean the site is vulnerable, but it might be.

Updated 8th of February, 2014:

jQuery

jQuery is a very widely used library. I was surprised however to find so many different and old versions in use

jQuery UI

Loads of different versions

jQuery-mobile

Betas and release candidates in use here

YUI

The Yahoo User Interface Library is also quite widely used

Prototype.js

Quite a number of versions in use

Other

comments powered by Disqus