Re: DOM-based Cross Site Scripting Vulnerability (http-client-side-xss)
This type of attack occurs when JavaScript code uses values provided by
the browser (rather than the server) that can be manipulated by the user.
The most common example is where JavaScript code in the page (which
is executed in the browser) uses document.location or a URL parameter
to create the page's HTML, without converting the value to HTML escape codes.
Example
    var winLoc = window.location.pathname;
    $('pdpTabUserReviews').action = winLoc + $('reviewAnchor').value;

In this case, the URL used to access the page could contain any JavaScript, which
would be executed if the button is pressed.
References
http://www.webappsec.org/projects/articles/071105.shtml
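
An added example, not part of the original post: one way to treat the two cases described above, escaping a browser-supplied value before it is concatenated into HTML, and checking a location-derived form action before it is assigned. The function names, the shop.example host and the sample inputs are assumptions made for illustration.

```javascript
// Added example: handling browser-supplied values before they reach a DOM sink.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Convert a value to HTML escape codes before concatenating it into markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build a form action from location-derived parts. Returns a same-origin
// path (with query and fragment), or null when the combined value resolves
// to another scheme or origin. A pathname beginning with "//" is the easy
// case to miss: used as a relative URL it points at a different host.
function safeFormAction(pageUrl, pathname, anchor) {
  let base, target;
  try {
    base = new URL(pageUrl);
    target = new URL(String(pathname) + String(anchor), base);
  } catch (e) {
    return null; // unparsable input is rejected, not passed through
  }
  const schemeOk = target.protocol === 'http:' || target.protocol === 'https:';
  if (!schemeOk || target.origin !== base.origin) return null;
  return target.pathname + target.search + target.hash;
}

// In the browser this would replace the direct assignment in the post:
//   var action = safeFormAction(window.location.href,
//                               window.location.pathname,
//                               $('reviewAnchor').value);
//   if (action !== null) $('pdpTabUserReviews').action = action;

// Constructed sample inputs (not taken from the post).
const samples = [
  ['/product/42', '#reviews'],        // expected shape
  ['//other.example/collect', ''],    // protocol-relative: leaves the origin
  ['javascript:void(0)', ''],         // non-http scheme
];
for (const [path, anchor] of samples) {
  console.log(JSON.stringify(path + anchor), '->',
    safeFormAction('https://shop.example/product/42', path, anchor));
}
console.log(escapeHtml('<b title="x">'));
```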
