The fact is that the Northwestern researchers have returned to the subject by publishing another study, in which they point out that vulnerable libraries can be “very dangerous” under the right conditions. The study points to an old jQuery bug that could be exploited using a cross-site scripting (XSS) attack.
How the study was done
To prepare the study, they looked at the top 75,000 Alexa websites and then at 75,000 randomly selected .com domains, checking them for 72 different libraries and their respective versions. In general, 87% of the Alexa websites and 46.5% of the .com domains used at least one of the 72 libraries.
Among the study's findings, 36.7% of jQuery, 40.1% of Angular, 86.6% of Handlebars and 87.3% of YUI usage relies on a vulnerable version. In addition, the researchers found that 9.7% of the websites included in the study use two or more vulnerable versions of one of the libraries.
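An added example (not code from the study or from the original article): a small Node.js audit that extracts library names and versions from a page's script tags, flags versions older than a "first fixed" release, and reports libraries loaded in two or more vulnerable versions. The `FIXED_IN` thresholds, the function names and the sample HTML are constructed placeholders, not real advisory data.

```javascript
// Constructed "first fixed" versions: placeholders, NOT real advisory data.
const FIXED_IN = { jquery: "3.0.0", angular: "1.6.0", handlebars: "4.0.0" };

// Constructed sample page with several third-party script includes.
const SAMPLE_HTML = `
<script src="https://cdn.example/jquery-1.8.3.min.js"></script>
<script src="/static/vendor/jquery/1.11.0/jquery.min.js"></script>
<script src="/js/handlebars.min.js?v=4.7.7"></script>
<script src="/js/app.js"></script>`;

// Pull (library, version) pairs out of <script src="..."> URLs.
function detectLibraries(html) {
  const found = [];
  const scriptRe = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  for (const [, src] of html.matchAll(scriptRe)) {
    const lower = src.toLowerCase();
    const name = Object.keys(FIXED_IN).find((lib) => lower.includes(lib));
    const ver = lower.match(/(\d+)\.(\d+)\.(\d+)/); // first x.y.z in the URL
    if (name && ver) found.push({ name, version: ver.slice(1, 4).map(Number) });
  }
  return found;
}

// Numeric comparison of [major, minor, patch] arrays (1.11.0 > 1.8.3).
function isBefore(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

// Report vulnerable includes and libraries present in 2+ vulnerable versions.
function auditPage(html) {
  const vulnerable = detectLibraries(html).filter((lib) =>
    isBefore(lib.version, FIXED_IN[lib.name].split(".").map(Number)));
  const versionsByLib = new Map();
  for (const lib of vulnerable) {
    if (!versionsByLib.has(lib.name)) versionsByLib.set(lib.name, new Set());
    versionsByLib.get(lib.name).add(lib.version.join("."));
  }
  return {
    vulnerable: vulnerable.map((l) => `${l.name}@${l.version.join(".")}`),
    multiVulnerable: [...versionsByLib]
      .filter(([, versions]) => versions.size > 1)
      .map(([name]) => name),
  };
}

console.log(auditPage(SAMPLE_HTML));
```

Versions that a site bundles or renames without a version string in the URL are not detected by this approach, so the result is a lower bound.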
However, the most popular websites are less likely to use any of these obsolete libraries. The Northeastern researchers saw that only 21% of the top 100 had this problem. That does not mean that, in the words of the researchers, the JavaScript ecosystem is a complete disaster:
Remedying this situation will take a long time and will be a very difficult task, since most websites use very obsolete libraries, according to the study.