wabac.js · CVE-2025-58765
Name of the Vulnerable Software and Affected Versions:
wabac.js versions 2.23.10 and below
Description:
wabac.js provides a full web archive replay system using Service Workers. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the 404 error handling logic. The `requestURL` parameter, derived from the original request target, is directly embedded into an inline `<script>` block without sanitization or escaping, allowing an attacker to execute arbitrary JavaScript in the victim’s browser. The scope may be limited by CORS policies.
Recommendations:
Update wabac.js to version 2.23.11 or later.
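The bug class described above, shown as an added example that is not wabac.js source code and not necessarily the fix shipped in 2.23.11: a 404 page that interpolates the request URL into an inline `<script>` block, next to a version that serializes and escapes the value first. All function names and the sample URL are assumptions constructed for this illustration.

```javascript
// Added illustration, not wabac.js source; all names are hypothetical.
// Unsafe pattern: request URL interpolated straight into inline JavaScript.
function render404Unsafe(requestURL) {
  return `<p>Archived page not found</p>
<script>
  const missing = "${requestURL}";
  document.title = "Not found: " + missing;
</script>`;
}

// Characters that can end the <script> element or the JS statement early.
const SCRIPT_ESCAPES = {
  "<": "\\u003c",
  ">": "\\u003e",
  "&": "\\u0026",
  "\u2028": "\\u2028",
  "\u2029": "\\u2029",
};

// Serialize as a JS string literal, then neutralize HTML-significant characters.
function toInlineScriptLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/[<>&\u2028\u2029]/g, (ch) => SCRIPT_ESCAPES[ch]);
}

function render404Safe(requestURL) {
  return `<p>Archived page not found</p>
<script>
  const missing = ${toInlineScriptLiteral(requestURL)};
  document.title = "Not found: " + missing;
</script>`;
}

// Number of <script> elements an HTML parser would open in the markup.
function countScriptTags(html) {
  return (html.match(/<script\b/gi) || []).length;
}

// Recover the embedded value from the hardened page to confirm it round-trips.
function recoverURL(html) {
  return JSON.parse(html.match(/const missing = (".*");/)[1]);
}

// Constructed input: a request target carrying a quote and script tags.
const SAMPLE = 'https://example.com/missing"</script><script>void 0</script>';
console.log(countScriptTags(render404Unsafe(SAMPLE)),
            countScriptTags(render404Safe(SAMPLE)),
            recoverURL(render404Safe(SAMPLE)) === SAMPLE);
```

The unsafe page ends up with two script elements because the URL closes the first one, while the hardened page keeps a single script element and still carries the exact URL as data.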