After scanning Norway, I decided to scan the Alexa top 100,000 sites. In summary, over 60% are using JavaScript libraries with known vulnerabilities, which means they will have problems with OWASP Top 10 2013-A9, Using Components with Known Vulnerabilities. I would like to stress, though, that using a library with a known vulnerability does not necessarily mean the site is vulnerable, because the vulnerable code may not be used.

Overall results

  • Top 1,000 - 551 - 55.1% using libraries with known vulnerabilities
  • Top 10,000 - 6,185 - 61.85% using libraries with known vulnerabilities
  • Top 100,000 - 60,866 - 60.866% using libraries with known vulnerabilities

Libraries

jQuery

jQuery is a very widely used library. I was surprised, however, to find so many different and old versions in use.

jQuery UI

Loads of different versions.

jQuery-mobile

Betas and release candidates in use here.

YUI

The Yahoo User Interface Library is also quite widely used.

Prototype.js

Quite a number of versions in use.

Other
