DOM XSS vulnerability in Gartner Peer Insights widget patched

Web attack vector closed after failed fix

Gartner has patched a DOM XSS vulnerability found in the Peer Insights widget, a security bug researchers reckon dates back to the original development of the software.

In a technical write-up of the flaw, penned by Justin Steven, the software security researcher said that “many websites” were made vulnerable to DOM-based cross-site scripting (XSS) when the widget was present.

The Gartner Peer Insights widget is a marketing tool described as “an aggregated, real-time view of a vendor’s review and ratings in a particular market on Gartner Peer Insights” that industry vendors are invited to host on their site to add market “credibility and drive conversions”.

When a website uses the Gartner widget, it sources widget.js from and then creates an event listener for postMessage messages before creating a div for the widget to be displayed in.

A hidden iframe pointed at the domain requests a specific page from which would send a postMessage message to the parent page. This message data would be used to construct HTML content that was then written into the widget’s content div via the element’s innerHTML property.

Substring shenanigans

Verification occurs through a check for the string “” appearing in the origin of the sending website. However, the check could be bypassed by launching an attack from a website such as, since that origin would still satisfy the substring check.
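The two weaknesses described above (a substring match on the message origin, and message data flowing into innerHTML) can be shown side by side with a small added example. This is illustrative code written for this article, not the Gartner widget’s own source; the hostname trusted.example and the sample origins are constructed placeholders, and a plain object stands in for the DOM element so the snippet runs under Node as well as in a browser.

```javascript
// Added example (not the Gartner widget's code). Contrasts a substring origin
// check with an exact-match check, and renders message data with textContent
// instead of innerHTML. "trusted.example" is a constructed placeholder host.
const TRUSTED_ORIGIN = "https://trusted.example";

// Weak check in the style the write-up describes: any origin that merely
// contains the trusted hostname passes, including unrelated domains.
function weakOriginCheck(origin) {
  return origin.indexOf("trusted.example") !== -1;
}

// Strict check: the origin must equal the expected scheme and host exactly.
// event.origin never carries a path or query, so a full-string comparison
// is the right test.
function strictOriginCheck(origin) {
  return origin === TRUSTED_ORIGIN;
}

// Message handler for the widget's postMessage listener. It drops messages
// from unexpected origins and writes the payload with textContent, so any
// markup in the message is displayed literally rather than parsed as HTML.
// `container` is the widget's content element (or a stand-in object here).
function handleWidgetMessage(event, container) {
  if (!strictOriginCheck(event.origin)) {
    return false; // ignored: wrong origin
  }
  const text = typeof event.data === "string" ? event.data : JSON.stringify(event.data);
  container.textContent = text;
  return true;
}

// Stand-alone demonstration over constructed origins; returns the results
// so they can be inspected (or asserted on) rather than only printed.
function demo() {
  const origins = [
    "https://trusted.example",                   // the genuine widget host
    "https://trusted.example.attacker.example",  // substring match, different site
    "https://attacker.example",                  // no match at all
  ];
  const results = origins.map((origin) => ({
    origin,
    weak: weakOriginCheck(origin),
    strict: strictOriginCheck(origin),
  }));

  // Constructed message containing markup; with textContent it stays literal text.
  const container = { textContent: "" };
  const accepted = handleWidgetMessage(
    { origin: TRUSTED_ORIGIN, data: "<b>4.5 stars</b>" },
    container
  );
  return { results, accepted, rendered: container.textContent };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(demo(), null, 2));
}
```

In a real page the handler would be registered with `window.addEventListener("message", (e) => handleWidgetMessage(e, document.getElementById("widget")))`; the point of the example is that the origin comparison is exact and that the sink is textContent, so neither the substring bypass nor the innerHTML injection path described in the write-up is available.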

Furthermore, the researcher described innerHTML as a DOM XSS “sink” as several XSS triggers

