The method ScannerFacade#findScriptUrl does not correctly extract only the src attribute value.

It seems this method is intended to extract the value between the first quote in the src attribute and the last quote in the src attribute.
However, the method actually extracts the value between the first quote in the src attribute and the last quote in the script tag.

For example, if the script tag is as below, ScannerFacade#findScriptURL returns /jquery-1.4.3,.min.js" type="text/javascript.

<script src="/jquery-1.4.3,.min.js" type="text/javascript"></script>

The file matcher works on the substring after the last slash of the extracted value, so in this case, it processes javascript.
Therefore, the library with vulnerabilities jquery-1.4.3.min.js is not detected.