 I recently tested a language-learning site that used live frontend filtering to block HTML input (e.g., <img> <svg> tags were removed as you typed).



But by injecting the payload directly via browser console (without typing it), the input was submitted and stored.



Surprisingly, the XSS executed later on my own profile page — indicating stored execution from a DOM-based bypass.



I wrote a short write-up here:

[https://is4curity.medium.com/xss-before-submit-a-dom-based-execution-flaw-hidden-in-plain-sight-5633bdd686c9](https://is4curity.medium.com/xss-before-submit-a-dom-based-execution-flaw-hidden-in-plain-sight-5633bdd686c9)



enjoy

This security threat involves a stored Cross-Site Scripting (XSS) vulnerability that bypasses live HTML filtering implemented on the frontend of a language-learning website. The site attempted to prevent malicious HTML input by filtering out certain tags such as <img> and <svg> as the user typed, effectively blocking direct injection attempts through the user interface. However, the attacker discovered that by injecting malicious payloads directly through the browser console—bypassing the live filtering mechanism—the input was accepted and stored on the server. This stored malicious script later executed on the victim's profile page, demonstrating a DOM-based stored XSS vulnerability. The key technical insight is that the filtering was only applied during live typing events on the frontend, and not validated or sanitized on the server side or at submission, allowing the attacker to circumvent protections by injecting payloads programmatically. The execution context is DOM-based, meaning the malicious script is executed as part of the client-side rendering process, which can lead to session hijacking, credential theft, or unauthorized actions within the context of the victim's browser session. This vulnerability highlights the risks of relying solely on client-side filtering without robust server-side validation and sanitization. The exploit does not require user interaction beyond visiting the affected profile page, and no authentication bypass is indicated, but the stored nature of the XSS means any user viewing the infected profile could be impacted. No known exploits are currently in the wild, and the discussion level is minimal, but the vulnerability is recent and documented by a credible security researcher.

Reddit NetSec

Detailed information about Bypassing Live HTML Filtering to Trigger Stored XSS – DOM-Based Exploitation. Get real-time updates, technical details, and mitigatio

Bypassing Live HTML Filtering to Trigger Stored XSS – DOM-Based Exploitation - Live Threat Intelligence - Threat Radar | OffSeq.com

Bypassing Live HTML Filtering to Trigger Stored XSS – DOM-Based Exploitation

Reddit Discussion: Bypassing Live HTML Filtering to Trigger Stored XSS – DOM-Based Exploitation

A vulnerability classified as critical has been found in FNKvision FNK-GU2 up to 40.1.7. Affected is an unknown function of the component UART Interface. The manipulation leads to on-chip debug and test interface with improper access control. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.

CVE Database V5

Detailed information about CVE-2025-7213: On-Chip Debug and Test Interface With Improper Access Control in FNKvision FNK-GU2 affecting FNKvision FNK-GU2. Get re

CVE-2025-7213: On-Chip Debug and Test Interface With Improper Access Control in FNKvision FNK-GU2 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7213: On-Chip Debug and Test Interface With Improper Access Control in FNKvision FNK-GU2

Detailed information about CVE-2025-53687. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-53687 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-53687

Detailed information about CVE-2025-53686. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-53686 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-53686

Detailed information about CVE-2025-53688. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-53688

CVE-2025-53688

Technical Details

Related Threats

CVE-2025-7213: On-Chip Debug and Test Interface With Improper Access Control in FNKvision FNK-GU2

CVE-2025-53687

CVE-2025-53686

CVE-2025-53685

CVE-2025-53684

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility