While pentesting it’s very common for me to find websites using years old versions of jquery,bootstrap,etc. and they are usually marked as vulnerable to XSS by scanners since there are vulnerabilities. But after looking into what vulnerabilities were released I actually never managed to leverage one in a live environment since they look like very special edge cases. Searching public reports got me to nothing. Anyone knows if there’s really anything that can be done with them or I should just not bother checking them at all?