Researchers from the Boston-based Northeastern University reached this conclusion after investigating 133,000 websites. According to them, such a flaw can under certain circumstances be exploited, for example through an old cross-site scripting vulnerability in jQuery, to inject malicious scripts into a website.
Researchers from Northeastern University in Boston studied 133,000 websites and found that 37 percent of them use at least one JavaScript library with a known vulnerability. With the current study, the researchers followed up on the results of a study carried out in 2014, which had identified potential security risks from loading outdated versions of JavaScript libraries, including jQuery and the AngularJS framework, in the browser.
These flawed libraries can be exploited under certain circumstances, for instance through a well-known cross-site scripting vulnerability in jQuery. This allows attackers to inject scripts of their choice into a website. For their study, the researchers from Boston examined the 75,000 most visited sites in the world according to Amazon's Alexa list as well as 75,000 randomly selected .com domains. They examined 72 different libraries, each in multiple versions. In total, 87 percent of the sites on the Alexa list and 46.5 percent of the randomly selected .com sites use at least one of these libraries.
According to the study, 36.7% of the included jQuery scripts are vulnerable. For the Angular framework (40.1 percent), Handlebars (86.6 percent) and YUI (87.3 percent), the values are much higher still. 9.7% of the analyzed websites use two or more vulnerable libraries.
“The most sobering result of our investigation is probably the evidence that the JavaScript library ecosystem is complex, disorganized and, as far as security is concerned, operates essentially on an ‘ad hoc’ basis,” the researchers write. They criticize that there are no reliable vulnerability databases and that none of the library vendors operates security mailing lists. Release notes also contain hardly any details on security aspects, and it is often very difficult for users to determine which version of a particular library is actually affected by a reported vulnerability.
In addition, the majority of the sites use completely outdated versions. The median gap between the oldest version in use on a website and the most current version is about three years.
In their study, the researchers also tried to find the reasons for the disastrous situation: only a small fraction of the studied sites (a maximum of 2.8 percent) could get rid of all known vulnerabilities by applying the available, backwards-compatible patch-level updates. The majority of the remaining sites would instead have to bring in at least one library with a version jump, which as a rule causes compatibility problems and therefore requires additional code modifications.
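The distinction between a patch-level update and a version jump can be checked mechanically for a site's own library inventory. The following is an added example, not code from the study or the original article; the library names, release lists and advisory ranges are constructed placeholders, and versions are assumed to be plain `x.y.z` strings.

```javascript
// Added example. All names, versions and advisory ranges below are constructed.
const parse = v => v.split(".").map(Number); // assumes plain x.y.z, no pre-release tags
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
};

// Hypothetical advisory feed: version v is affected when introduced <= v < fixed.
const ADVISORIES = {
  "lib-a": [{ introduced: "1.0.0", fixed: "1.4.3" }],
  "lib-b": [{ introduced: "2.0.0", fixed: "3.0.0" }],
};
// Hypothetical release history per library.
const RELEASES = {
  "lib-a": ["1.4.0", "1.4.1", "1.4.3", "1.5.0"],
  "lib-b": ["2.3.0", "2.3.1", "3.0.0"],
  "lib-c": ["0.9.0"],
};

const isVulnerable = (lib, v) =>
  (ADVISORIES[lib] || []).some(a => cmp(v, a.introduced) >= 0 && cmp(v, a.fixed) < 0);

// Find the smallest newer release without a known flaw and classify the jump.
function remediation(lib, current) {
  if (!isVulnerable(lib, current)) return { lib, current, action: "none" };
  const safe = (RELEASES[lib] || [])
    .filter(r => cmp(r, current) > 0 && !isVulnerable(lib, r))
    .sort(cmp);
  if (safe.length === 0) return { lib, current, action: "no-fix-available" };
  const target = safe[0];
  const [maj, min] = parse(current);
  const [tMaj, tMin] = parse(target);
  const action =
    tMaj !== maj ? "major-jump" : tMin !== min ? "minor-jump" : "patch-level";
  return { lib, current, target, action };
}

// A site can be fixed by patch-level updates alone only if every vulnerable
// library it loads has a safe release on the same major.minor line.
function siteFixableByPatchOnly(inventory) {
  return inventory
    .map(([lib, v]) => remediation(lib, v))
    .every(r => r.action === "none" || r.action === "patch-level");
}
```

A site loading only `lib-a` 1.4.1 and `lib-c` 0.9.0 is fixable by patch-level updates here, while adding `lib-b` 2.3.0 forces a major version jump.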