DOM-based XSS

GPTKB entity

Statements (20)
Predicate Object
gptkbp:instanceOf gptkb:security
gptkbp:affects web applications
gptkbp:alsoKnownAs gptkb:DOM_XSS
gptkbp:cause data theft
session hijacking
arbitrary code execution
gptkbp:causedBy improper handling of user input in the DOM
gptkbp:compatibleWith server-side code injection
gptkbp:describedBy gptkb:OWASP_XSS_documentation
gptkbp:exploits client-side JavaScript
gptkbp:firstDescribed 2005
https://www.w3.org/2000/01/rdf-schema#label DOM-based XSS
gptkbp:mitigatedBy input validation
output encoding
using safe JavaScript APIs
gptkbp:partOf gptkb:cross-site_scripting
gptkbp:requires malicious input reflected in the DOM
gptkbp:bfsParent gptkb:cross-site_scripting
gptkb:Cross-site_Scripting
gptkbp:bfsLayer 5