CVE-2025-58765
wabac.js provides a full web archive replay system, or ‘wayback machine’, using Service Workers. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the 404 error handling logic of wabac.js v2.23.10 and below. The parameter `requestURL` (derived from the original request target) is directly embedded into an inline `
More information : https://github.com/webrecorder/wabac.js/commit/25feb4a5af69a6b65694426eae67b890be438c4c