DOM XSS

Vulnerable apps: JS frameworks, single-page applications, and APIs that dynamically include external JS.

  • Ideally, applications would not send attacker-controllable data to unsafe JavaScript APIs.

Attacker controls remote resource (or injects resource).

  • All aspects of the client-facing app may be diverted.
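
One way to keep attacker-controllable data away from a script-loading sink, as an added example (not code from the original notes). The origins, the `plugin` query parameter and the function names are assumptions made for illustration.

```javascript
// Added example: names, origins and URLs below are constructed for illustration.
const ALLOWED_SCRIPT_ORIGINS = new Set([
  "https://app.example",      // the application's own origin (assumed)
  "https://cdn.example.com",  // a trusted CDN (assumed)
]);

// Resolve an untrusted script reference the way the browser would, then
// return the absolute URL only if its scheme and origin are allowlisted.
function resolveAllowedScript(raw, baseHref) {
  let url;
  try {
    url = new URL(String(raw), baseHref); // WHATWG URL parsing, as in the browser
  } catch {
    return null; // unparseable input is rejected, never "fixed up"
  }
  if (url.protocol !== "https:") return null;     // rejects javascript:, data:, http:
  if (url.username || url.password) return null;  // rejects user@host confusion
  if (!ALLOWED_SCRIPT_ORIGINS.has(url.origin)) return null;
  return url.href;
}

// Unsafe pattern the notes warn about: attacker-controllable data reaches a
// script-loading sink unchanged.
//   const s = document.createElement("script");
//   s.src = new URLSearchParams(location.search).get("plugin");
//   document.head.appendChild(s);

// Hardened form: the sink only ever receives a validated, absolute URL.
// Browser-only (uses document and location); throws on a rejected source.
function loadScript(raw) {
  const href = resolveAllowedScript(raw, location.href);
  if (href === null) throw new Error("script source not allowed");
  const s = document.createElement("script");
  s.src = href;
  document.head.appendChild(s);
  return s;
}
```

The check compares the parsed origin rather than matching substrings of the raw string, so protocol-relative and look-alike hosts are resolved before the decision is made.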
