Description
This script is possibly vulnerable to Cross Site Scripting (XSS) attacks.
Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of Javascript) to another user.
Because a browser cannot know if the script should be trusted or not, it will execute the script in the user context allowing the attacker to access any cookies or session tokens retained by the browser.
While a traditional cross-site scripting vulnerability occurs on the server-side code, document object model based cross-site scripting is a type of vulnerability which affects the script code in the client's browser.
Remediation
Your script should filter metacharacters from user input.
References
Acunetix Cross Site Scripting Attack
VIDEO: How Cross-Site Scripting (XSS) Works
DOM based XSS Prevention Cheat Sheet
Related Vulnerabilities
WordPress Plugin Video Posts Webcam Recorder Cross-Site Scripting (1.55.4)
WordPress Plugin WP Smart Import: Import any XML File to WordPress Cross-Site Scripting (1.0.2)
Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.10)
WordPress Plugin UpdraftPlus WordPress Backup Cross-Site Scripting (1.16.68)
WordPress Plugin Social Auto Poster-WordPress Scheduler & Marketing Cross-Site Scripting (5.3.14)