comments (not for humans)
After scanning Norway and Alexa Top 100,000, I decided to scan the Fortune 500 companies. Summarized 385 (77%) out of the 500 are using JavaScript libraries with known vulnerabilities. Which means they will have problems with OWASP Top 10 2013-A9 Using Components with Known Vulnerabilities. Again I would like to stress, that using a library with a known vulnerability, does not necessarily mean the site is vulnerable, because the vulnerable code may not be used.


In the charts below red means the version has a known vulnerability


jQuery is a very widely used library. I was surprised however to find so many different and old versions in use

jQuery UI

Loads of different versions


Betas and release candidates in use here


The Yahoo User Interface Library is also quite widely used


Quite a number of versions in use


comments powered by Disqus