Dom xss stands for document object model based cross site scripting.
Dom based xss. Dom based xss is extremely difficult to mitigate against because of its large attack surface and lack of standardization across browsers. Dom based xss definition. Dom based cross site scripting from now on called dom xss is a very particular variant of the cross site scripting family and in web application development is generally considered the amalgamation of the following.
A dom based xss attack is possible if the web application writes data to the document object model without proper sanitization. Dom based xss or as it is called in some texts type 0 xss is an xss attack wherein the attack payload is executed as a result of modifying the dom environment in the victim s browser used by the original client side script so that the client side code runs in an unexpected manner. A dom based xss vulnerability arises when the dom is used to generate dynamic content containing user input that can be processed without checking.
Here the locations that malicious user input bring into the dom are designated as source. It uses the document object model dom which is a standard way to represent html objects in a hierarchical manner. Dom xss stands for document object model based cross site scripting.
The payload cannot be found in the response. In reflective and stored cross site scripting attacks you can see the vulnerability payload in the response page but in dom based cross site scripting the html source code and response of the attack will be exactly the same i e. Dom based xss is an advanced type of xss that occurs by writing data to the document object model dom.