{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-23T09:52:04.282","vulnerabilities":[{"cve":{"id":"CVE-2025-70458","sourceIdentifier":"cve@mitre.org","published":"2026-01-23T22:16:15.360","lastModified":"2026-06-17T10:03:20.333","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the unsafe innerHTML property to render domain search results."},{"lang":"es","value":"Una vulnerabilidad de cross-site scripting (XSS) basada en DOM existe en la clase DomainCheckerApp dentro de domain/script.js de Sourcecodester Domain Availability Checker v1.0. La vulnerabilidad ocurre porque la aplicación maneja incorrectamente los datos proporcionados por el usuario en el método createResultElement al usar la propiedad insegura innerHTML para renderizar los resultados de búsqueda de dominio."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-01-26T15:40:00.575285Z","id":"CVE-2025-70458","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:remyandrade:domain_availability_checker:1.0:*:*:*:*:*:*:*","matchCriteriaId":"74B1DD83-26CA-4E69-A7E1-06F013582A56"}]}]}],"references":[{"url":"https://github.com/ismaildawoodjee/vulnerability-research/security/advisories/GHSA-chm7-vgf7-6f9p","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.sourcecodester.com/php/18500/domain-availability-checker-using-php-and-javascript-source-code.html","source":"cve@mitre.org","tags":["Product"]}]}}]}