Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two…

A vulnerability in Dalfox open-source XSS scanner prior to version 2.13.0 allows remote denial of service attacks. The flaw occurs in ParameterAnalysis where two sequential worker stages write to the same results channel, but the second stage uses an already-closed channel. When processing POST-body parameters, this triggers a Go runtime panic that crashes the entire dalfox process. In server mode, this is remotely exploitable by unauthenticated attackers via the REST API since the default configuration lacks API key protection. The vulnerability is fixed in version 2.13.0.