[Security] DOM Clobbering issues, CVSS: 5.4 — The JavaScript is rather old, can we update it?

[kierun]

I noticed that the JavaScript fragments have not been updated in a while.

How would I go about upgrading those to the latest version? I can do testing and fixing if/when anything breaks and create a PR. But, a starting point would be nice.

Thank you.

[kierun]

Lonkero output on https://phlow.github.io/feeling-responsive/:

2026-02-11T11:58:07.634690Z  INFO License validated: type=None, licensee=None
2026-02-11T11:58:07.635246Z  INFO Authorizing scan with 123 requested modules...
2026-02-11T11:58:08.457616Z  INFO [Auth] Authorized: Free license, max 10 targets, 8 modules
2026-02-11T11:58:08.457749Z  INFO [OK] Scan authorized: Free license, max 10 targets, 8 modules authorized
2026-02-11T11:58:08.457773Z  INFO [Auth] 8 modules authorized by server
2026-02-11T11:58:08.457847Z  WARN [Auth] 115 modules were not authorized: ["wordpress_scanner", "drupal_scanner", "joomla_scanner", "laravel_scanner", "django_scanner"]
   __                __
  / /   ____  ____  / /_____  _________
 / /   / __ \/ __ \/ //_/ _ \/ ___/ __ \
 / /___/ /_/ / / / / ,< /  __/ /  / /_/ /
/_____/\____/_/ /_/_/|_|\___/_/   \____/

    Wraps around your attack surface
      v3.6 - Intelligent Mode - (c) 2026 Bountyy Oy

2026-02-11T11:58:08.457997Z  INFO Initializing Lonkero Scanner v3.5.0
2026-02-11T11:58:08.458007Z  INFO Scan mode: Intelligent
2026-02-11T11:58:08.458052Z  INFO Targets: 1
2026-02-11T11:58:08.477751Z  INFO [SUCCESS] HTTP/2 enabled: streams=100, pool=10
2026-02-11T11:58:08.477861Z  INFO [SUCCESS] Response cache enabled: capacity=10000, ttl=300s
2026-02-11T11:58:08.477904Z  INFO Initialized rate limiter: 100rps default, adaptive=true
2026-02-11T11:58:08.477921Z  INFO [SUCCESS] Rate limiting enabled: 100rps, adaptive=true
2026-02-11T11:58:08.477955Z  INFO [WARNING]  Request batching disabled
2026-02-11T11:58:08.478339Z  INFO [SUCCESS] Adaptive concurrency enabled: initial=10, max=50
2026-02-11T11:58:08.478397Z  INFO DNS cache initialized: max_capacity=10000, ttl=300s
2026-02-11T11:58:08.478407Z  INFO [SUCCESS] DNS caching enabled
2026-02-11T11:58:08.573606Z  INFO Created new FP classifier with 23 features
2026-02-11T11:58:08.573708Z  INFO [OK] Scan engine initialized with 60 scanner modules
2026-02-11T11:58:08.573733Z  INFO [ML] Downloading detection model for first scan...
2026-02-11T11:58:08.573794Z  INFO Fetching detection model from server...
2026-02-11T11:58:09.019820Z  WARN Valid license required to download detection model
2026-02-11T11:58:09.020227Z  INFO [ML] Model download skipped (scanning without ML): No model available from server
2026-02-11T11:58:09.020285Z  INFO 
2026-02-11T11:58:09.020302Z  INFO === Scanning target 1/1: https://phlow.github.io/feeling-responsive/ ===
2026-02-11T11:58:09.020429Z  INFO Starting scan for: https://phlow.github.io/feeling-responsive/
2026-02-11T11:58:09.044400Z  INFO [Intelligence] Scanner intelligence system initialized
2026-02-11T11:58:09.044466Z  INFO Phase 0: Reconnaissance
2026-02-11T11:58:09.044477Z  INFO   - Running web crawler (depth: 3)
2026-02-11T11:58:09.044554Z  INFO Initialized rate limiter: 50rps default, adaptive=true
2026-02-11T11:58:09.044588Z  INFO [Crawler] Starting crawl of https://phlow.github.io/feeling-responsive/
2026-02-11T11:58:15.007713Z  INFO [RateLimit] Increasing rate limit for phlow.github.io: 50 -> 55 req/s
2026-02-11T11:58:17.863942Z  INFO [SUCCESS] Crawl complete: 63 pages, 2 forms, 116 scripts, 64 links
2026-02-11T11:58:17.864020Z  INFO   - Discovered 63 URLs, 2 forms
2026-02-11T11:58:17.869242Z  INFO   - Found 2 input fields to test for XSS
2026-02-11T11:58:17.869486Z  INFO   - Running endpoint discovery (wordlist fuzzing)
2026-02-11T11:58:17.869538Z  INFO [EndpointDiscovery] Starting endpoint discovery on https://phlow.github.io/feeling-responsive/
[…]
                                                                                                                                                     
------------------------------------------------------------                                                                                         
VULNERABILITIES FOUND: 46                                                                                                                            
------------------------------------------------------------                                                                                         
  [MEDIUM]   40                                                                                                                                      
  [LOW]      6                                                                                                                                       
                                                                                                                                                     
[MEDIUM]   DOM Clobbering                                                                                                                            
  URL:       https://phlow.github.io/feeling-responsive/design/page/                                                                                 
  Parameter: window.nodeType                                                                                                                         
  CWE:       CWE-79                                                                                                                                  
  CVSS:      5.4                                                                                                                                     
                                                                                                                                                     
[MEDIUM]   DOM Clobbering                                                                                                                            
  URL:       https://phlow.github.io/feeling-responsive/design/header-logo-only/                                                                     
  Parameter: window.nodeType                                                                                                                         
  CWE:       CWE-79                                                                                                                                  
  CVSS:      5.4                                                                                                                                     
                                                                                                                                                     
[MEDIUM]   DOM Clobbering                                                                                                                            
  URL:       https://phlow.github.io/feeling-responsive/design/                                                                                      
  Parameter: window.nodeType                                                                                                                         
  CWE:       CWE-79                                                                                                                                  
  CVSS:      5.4

[MEDIUM]   DOM Clobbering
  URL:       https://phlow.github.io/feeling-responsive/roadmap/
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4

[LOW]      Cross-Origin Iframe Without Sandbox
  URL:       https://phlow.github.io/feeling-responsive/changelog/
  Parameter: postMessage
  CWE:       CWE-1021
  CVSS:      3.7

[MEDIUM]   DOM Clobbering
  URL:       https://phlow.github.io/feeling-responsive/design/post-right-sidebar/
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4

[MEDIUM]   DOM Clobbering
  URL:       https://phlow.github.io/feeling-responsive/design/breadcrumb/ 
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4

[MEDIUM]   DOM Clobbering
  URL:       https://phlow.github.io/feeling-responsive/design/no-header/
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4

[MEDIUM]   DOM Clobbering
  URL:       https://phlow.github.io/feeling-responsive/info
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4

[MEDIUM]   DOM Clobbering
  URL:       https://phlow.github.io/feeling-responsive/design/typography/typography/
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4

[MEDIUM]   DOM Clobbering
  URL:       http://phlow.github.io/feeling-responsive/info/
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4
[MEDIUM]   DOM Clobbering
  URL:       https://phlow.github.io/feeling-responsive/design/typography/typography/
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4

[MEDIUM]   DOM Clobbering
  URL:       http://phlow.github.io/feeling-responsive/info/
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4

[MEDIUM]   DOM Clobbering
  URL:       https://phlow.github.io/feeling-responsive/headers/
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4

[MEDIUM]   DOM Clobbering
  URL:       https://phlow.github.io/feeling-responsive/contact/
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4

[MEDIUM]   DOM Clobbering
  URL:       https://phlow.github.io/feeling-responsive/design/header-with-text/
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4

[MEDIUM]   DOM Clobbering
  URL:       https://phlow.github.io/feeling-responsive/blog/page2/
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4

[MEDIUM]   DOM Clobbering
  URL:       https://phlow.github.io/feeling-responsive/design/gallery/
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4

[LOW]      Cross-Origin Iframe Without Sandbox
  URL:       https://phlow.github.io/feeling-responsive/documentation/
  Parameter: postMessage
  CWE:       CWE-1021
  CVSS:      3.7

[MEDIUM]   DOM Clobbering
  URL:       https://phlow.github.io/feeling-responsive/design/mediaelement_js/
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4

[MEDIUM]   DOM Clobbering
  URL:       https://phlow.github.io/feeling-responsive/changelog/fontcustom.com
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4

[MEDIUM]   DOM Clobbering
  URL:       https://phlow.github.io/feeling-responsive/design/comments/
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4

[MEDIUM]   DOM Clobbering
  URL:       https://phlow.github.io/feeling-responsive/blog/archive/
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4

[MEDIUM]   DOM Clobbering
  URL:       https://phlow.github.io/feeling-responsive/documentation/
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4

[MEDIUM]   DOM Clobbering
  URL:       https://phlow.github.io/feeling-responsive/design/header-full-width-image/
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4

[MEDIUM]   DOM Clobbering
  URL:       https://phlow.github.io/feeling-responsive/blog/page3/
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4

[MEDIUM]   DOM Clobbering
  URL:       https://phlow.github.io/feeling-responsive/design/header-image-color/
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4

[MEDIUM]   DOM Clobbering                                                                                                                            
  URL:       https://phlow.github.io/feeling-responsive/blog/                                                                                        
  Parameter: window.nodeType                                                                                                                         
  CWE:       CWE-79                                                                                                                                  
  CVSS:      5.4                                                                                                                                     
                                                                                                                                                     
[MEDIUM]   DOM Clobbering                                                                                                                            
  URL:       https://phlow.github.io/feeling-responsive/                                                                                             
  Parameter: window.nodeType                                                                                                                         
  CWE:       CWE-79                                                                                                                                  
  CVSS:      5.4                                                                                                                                     
                                                                                                                                                     
[LOW]      Cross-Origin Iframe Without Sandbox                                                                                                       
  URL:       https://phlow.github.io/feeling-responsive/documentation                                                                                
  Parameter: postMessage                                                                                                                             
  CWE:       CWE-1021                                                                                                                                
  CVSS:      3.7                                                                                                                                     
                                                                                                                                                     
[MEDIUM]   DOM Clobbering                                                                                                                            
  URL:       https://phlow.github.io/feeling-responsive/getting-started/                                                                             
  Parameter: window.nodeType                                                                                                                         
  CWE:       CWE-79                                                                                                                                  
  CVSS:      5.4                                                                                                                                     
                                                                                                                                                     
[MEDIUM]   DOM Clobbering                                                                                                                            
  URL:       https://phlow.github.io/feeling-responsive/contact                                                                                      
  Parameter: window.nodeType                                                                                                                         
  CWE:       CWE-79                                                                                                                                  
  CVSS:      5.4                                                                                                                                     
                                                                                                                                                     
[MEDIUM]   DOM Clobbering                                                                                                                            
  URL:       https://phlow.github.io/feeling-responsive/design/page-fullwidth/                                                                       
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4

[LOW]      Cross-Origin Iframe Without Sandbox
  URL:       https://phlow.github.io/feeling-responsive/design/video/
  Parameter: postMessage
  CWE:       CWE-1021
  CVSS:      3.7

[MEDIUM]   DOM Clobbering
  URL:       https://phlow.github.io/feeling-responsive
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4

[MEDIUM]   DOM Clobbering
  URL:       https://phlow.github.io/feeling-responsive/design/video/
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4

[MEDIUM]   DOM Clobbering
  URL:       https://phlow.github.io/feeling-responsive/design/portfolio/
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4

[MEDIUM]   Security Header Misconfiguration - Missing HSTS Header
  URL:       https://phlow.github.io/feeling-responsive/
  CWE:       CWE-16
  CVSS:      5.3

[MEDIUM]   DOM Clobbering
  URL:       https://phlow.github.io/feeling-responsive/documentation
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4

[MEDIUM]   DOM Clobbering
  URL:       https://phlow.github.io/feeling-responsive/design/grid/
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4

[MEDIUM]   DOM Clobbering
  URL:       https://phlow.github.io/feeling-responsive/search
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4

[LOW]      Cross-Origin Iframe Without Sandbox
  URL:       https://phlow.github.io/feeling-responsive
  Parameter: postMessage
  CWE:       CWE-1021
  CVSS:      3.7

[MEDIUM]   DOM Clobbering
  URL:       https://phlow.github.io/feeling-responsive/design/no-header-but-image/
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4
[MEDIUM]   CLICKJACKING_NO_PROTECTION
  URL:       https://phlow.github.io/feeling-responsive/
  CWE:       CWE-1021
  CVSS:      5.3

[MEDIUM]   DOM Clobbering
  URL:       https://phlow.github.io/feeling-responsive/design/post-left-sidebar/
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4

[MEDIUM]   DOM Clobbering
  URL:       https://phlow.github.io/feeling-responsive/search/
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4

[LOW]      Cross-Origin Iframe Without Sandbox
  URL:       https://phlow.github.io/feeling-responsive/
  Parameter: postMessage
  CWE:       CWE-1021
  CVSS:      3.7

[MEDIUM]   DOM Clobbering
  URL:       https://phlow.github.io/feeling-responsive/changelog/
  Parameter: window.nodeType
  CWE:       CWE-79
  CVSS:      5.4
------------------------------------------------------------
2026-02-11T12:00:16.051243Z  INFO Created new FP classifier with 23 features

============================================================
SCAN COMPLETE
============================================================
Targets scanned:    1
Total tests run:    1599
Vulnerabilities:    46
Duration:           127.03s
============================================================
2026-02-11T12:00:16.052422Z  INFO Results written to: scan.json

Here is the JSON from the scan:

scan.json