comments (not for humans)
After scanning Norway and Alexa Top 100,000, I decided to scan the Fortune 500 companies. Summarized 385 (77%) out of the 500 are using JavaScript libraries with known vulnerabilities. Which means they will have problems with OWASP Top 10 2013-A9 Using Components with Known Vulnerabilities. Again I would like to stress, that using a library with a known vulnerability, does not necessarily mean the site is vulnerable, because the vulnerable code may not be used.

Libraries

In the charts below red means the version has a known vulnerability

jQuery

jQuery is a very widely used library. I was surprised however to find so many different and old versions in use

jQuery UI

Loads of different versions

jQuery-mobile

Betas and release candidates in use here

YUI

The Yahoo User Interface Library is also quite widely used

Prototype.js

Quite a number of versions in use

Other

comments powered by Disqus