Minded Security researchers have found another flaw by using DOMinatorPro
According to the researchers, DOMinatorPro revealed a piece of code in googleadservices.com /pagead/landing.js which used invalidated input to build the argument for two “document.write ” calls.
“[This] means that one more time a (almost) 3rd party script introduces a flaw in the context of an unaware domain,” Minded Security’s Stefano Di Paola explained.
Di Paola suggested one workaround, but Google decided to address this issue by removing the problematic script altogether.
Unlike the traditional XSS vulnerabilities that occur in the server-side code, DOM-based XSS affects the script code in the client’s browser.