This page collects WhisperX intelligence signals tagged #innerHTML. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical cross-site scripting (XSS) vulnerability has been identified in the overlay leaderboard component (`overlay/static/index.html`), potentially allowing malicious actors to inject arbitrary HTML or JavaScript code into the rendered page. The flaw stems from direct injection of user-supplied data—specifically `e...
A cross-site scripting vulnerability has been identified in code that consumes the GitHub Status API, with incident data being interpolated directly into `innerHTML` template literals without HTML entity encoding. The flaw affects two separate rendering paths in `src/js/main.js`, creating a potential injection vector i...
A frontend component responsible for rendering architecture diagrams in a chat application has been identified with a configuration that actively disables built-in security safeguards. The `ArchitectureDiagram` component initializes the Mermaid diagram library with `securityLevel: 'loose'`, a setting that strips away t...
A security researcher has flagged a cross-site scripting (XSS) vulnerability in common.js, citing unsafe innerHTML usage on line 5 that injects fetched HTML without sanitization. The issue, submitted as a GitHub vulnerability report, warns that if the fetched content contains malicious scripts, those scripts could exec...
A security researcher has identified a cross-site scripting (XSS) vulnerability in the CSV import error display logic of firearm-import.js, exposing the application's upload interface to potential script injection. The flaw, classified under OWASP A03:2021 (Injection), exists in the error rendering section at lines 64–...