DOM-Based Cross-Site Scripting (DOM-Based XSS)

The DOM-based XSS vulnerability allows embedding JavaScript code in a website. However, it does not do this via the web application on the server as with reflected XSS and persistent XSS, but exploits an error in the JavaScript of the application. The vulnerability is called DOM-based because client-side JavaScript has access to the Document Object Model (DOM) of a website and may thus access the respective URL.

Back to the glossary overview