An insecure mess: How flawed JavaScript is turning web into a hacker's playground | ZDNet

Researchers say tens of thousands of sites are using JavaScript libraries that are years old and contain publicly known vulnerabilities. An analysis of over 133,000 websites has found that 37 percent of them have at least one JavaScript library with a known vulnerability. There are no reliable vulnerability databases, no security mailing lists maintained by library vendors, few or no details on security issues in release notes, and often, it is difficult to determine which versions of a library are affected by a specific reported vulnerability.