DOM Based XSS


Description

The application is vulnerable to DOM-based cross-site scripting (XSS) attacks. Attackers can place JavaScript in a request, and client-side code then inserts it into the page’s Document Object Model (DOM), where it executes. If an attacker tricks a user into clicking a malicious link, the page is modified to include the injected JavaScript, which executes in the context of the user. This attack does not require the victim to send data back to the server, because the attack happens on the client side.
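The source-to-sink flow described above, shown as a vulnerable pattern beside its hardened form. This is an added example, not code from the original page or from any tested application; the `name` parameter, the sample URL and all function names are assumptions, and the value is read from the URL fragment as one common case of input that never reaches the server.

```javascript
// Added illustration; the "name" parameter, the element argument and all
// function names are hypothetical, not taken from any real application.

// Source: a value read from the URL fragment. Browsers do not send the
// fragment to the server, so server-side filtering and logs never see it.
function readFragmentParam(href, key) {
  const fragment = new URL(href).hash.slice(1);         // drop the leading '#'
  return new URLSearchParams(fragment).get(key) || '';  // percent-decoded value
}

// Vulnerable pattern: the URL-controlled value reaches an HTML-parsing sink.
// In a browser, innerHTML parses the string, so markup in it becomes live DOM.
function renderGreetingUnsafe(el, href) {
  el.innerHTML = 'Hello, ' + readFragmentParam(href, 'name');
  return el;
}

// Hardened form: textContent stores the value as a text node, never parsed.
function renderGreetingSafe(el, href) {
  el.textContent = 'Hello, ' + readFragmentParam(href, 'name');
  return el;
}

// When an HTML string must be built, encode the value for HTML context first.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Constructed sample link carrying harmless bold markup in the fragment.
const SAMPLE_HREF = 'https://app.example/welcome#name=%3Cb%3Einjected%3C%2Fb%3E';

// Plain objects stand in for DOM elements so this runs outside a browser.
const unsafeEl = renderGreetingUnsafe({}, SAMPLE_HREF);
const safeEl = renderGreetingSafe({}, SAMPLE_HREF);
console.log('innerHTML sink receives :', unsafeEl.innerHTML);
console.log('textContent receives    :', safeEl.textContent);
console.log('escaped for HTML context:', escapeHtml(readFragmentParam(SAMPLE_HREF, 'name')));
```

In a browser the first assignment turns the decoded value into a real `<b>` element, while the second displays the same characters as literal text.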

Custom Description

Impact

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References

 
