DOM XSS

GPTKB entity

Statements (28)
Predicate Object
gptkbp:instanceOf Web security vulnerability
gptkbp:affects Web applications
gptkbp:category gptkb:Cross-Site_Scripting
gptkbp:cause Phishing
Session hijacking
Data theft
Arbitrary JavaScript execution
gptkbp:causedBy Unsafe manipulation of DOM
Untrusted user input
gptkbp:documentedIn gptkb:OWASP
gptkb:CWE-79
gptkbp:example document.URL usage
innerHTML assignment
location.hash manipulation
gptkbp:exploits Malicious user input
gptkbp:firstDescribed 2005
gptkbp:fullName Document Object Model Cross-Site Scripting
https://www.w3.org/2000/01/rdf-schema#label DOM XSS
gptkbp:impact High
gptkbp:mitigatedBy Input validation
Output encoding
Safe JavaScript APIs
gptkbp:relatedTo gptkb:Reflected_XSS
gptkb:Stored_XSS
gptkbp:requires JavaScript enabled
gptkbp:vectorFor Client-side
gptkbp:bfsParent gptkb:DOM-based_XSS
gptkbp:bfsLayer 6