Researchers from the Boston-based Northeastern University reached this conclusion after investigating 133,000 websites. Under certain circumstances, such a flaw can be exploited, for example via an old cross-site scripting vulnerability in jQuery, to inject malicious scripts into a website.
These flawed libraries can be exploited under certain circumstances, for example through a well-known cross-site scripting vulnerability in jQuery. Attackers can then inject scripts of their choice into a website. For their study, the researchers from Boston examined the 75,000 most visited sites in the world according to Amazon's Alexa list, as well as 75,000 randomly selected .com domains. They looked at 72 different libraries, each in multiple versions. A total of 87 percent of the sites on the Alexa list and 46.5 percent of the randomly selected .com sites use at least one of these libraries.
According to the study, 36.7 percent of the included jQuery scripts are vulnerable. For the Angular framework (40.1 percent), Handlebars (86.6 percent) and YUI (87.3 percent), the values are considerably higher still. 9.7 percent of the analyzed websites use two or more vulnerable libraries.
In addition, the majority of the sites use completely outdated versions. The median gap between the oldest version in use on a website and the most current version is about three years.
In their study, the researchers also set out to find the reasons for this disastrous situation: only a small fraction of the studied sites (a maximum of 2.8 percent) could get rid of all the known vulnerabilities by applying the available, backwards-compatible patch-level updates. The majority of the remaining sites would instead have to bring in at least one library with a version jump, which as a rule causes compatibility problems and therefore requires additional code modifications.