CVE-2025-70458

A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the unsafe innerHTML property to render domain search results.
Configurations

Configuration 1 (hide)

cpe:2.3:a:remyandrade:domain_availability_checker:1.0:*:*:*:*:*:*:*

History

17 Jun 2026, 10:03

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de cross-site scripting (XSS) basada en DOM existe en la clase DomainCheckerApp dentro de domain/script.js de Sourcecodester Domain Availability Checker v1.0. La vulnerabilidad ocurre porque la aplicación maneja incorrectamente los datos proporcionados por el usuario en el método createResultElement al usar la propiedad insegura innerHTML para renderizar los resultados de búsqueda de dominio.

30 Jan 2026, 17:59

Type Values Removed Values Added
CPE cpe:2.3:a:remyandrade:domain_availability_checker:1.0:*:*:*:*:*:*:*
References () https://github.com/ismaildawoodjee/vulnerability-research/security/advisories/GHSA-chm7-vgf7-6f9p - () https://github.com/ismaildawoodjee/vulnerability-research/security/advisories/GHSA-chm7-vgf7-6f9p - Exploit, Third Party Advisory
References () https://www.sourcecodester.com/php/18500/domain-availability-checker-using-php-and-javascript-source-code.html - () https://www.sourcecodester.com/php/18500/domain-availability-checker-using-php-and-javascript-source-code.html - Product
First Time Remyandrade domain Availability Checker
Remyandrade

26 Jan 2026, 16:15

Type Values Removed Values Added
CWE CWE-79
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4

23 Jan 2026, 22:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-01-23 22:16

Updated : 2026-06-17 10:03


NVD link : CVE-2025-70458

Mitre link : CVE-2025-70458

CVE.ORG link : CVE-2025-70458


JSON object : View

Products Affected

remyandrade

  • domain_availability_checker
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')