here dom based vulnerability: query versions vulnerable selector xss class attribute ('. xss_vector') these jquery libraries cause dom xss when user controlled value passed class selected [$('.'+ classname)]
but don't know attack vector. can give me example?
here action script (scroll down page): http://domstorm.skepticfx.com/modules?id=529bbe6e125fac0000000003
you can see result of js "exploit" variable injection in dom. (un)fortunately jquery, , old versions, such-alike.
