Any page that uses URI fragments is potentially at risk from XSS attacks. In reflected and stored cross-site scripting attacks you can see the vulnerability payload in the response page, but in DOM-based cross-site scripting the HTML source code and the response of the attack will be exactly the same, i.e.
There is a third, much less well-known type of XSS attack called DOM-based XSS, which is discussed separately here. DOM XSS stands for Document Object Model-based cross-site scripting. An attacker can execute a DOM-based cross-site scripting attack if the web application writes user-supplied information directly to the Document Object Model (DOM) and there is no sanitization.
DOM-based XSS attacks have all the risks associated with the other types of XSS attack, with the added bonus that they are impossible to detect from the server side. DOM-based XSS (or, as it is called in some texts, "type-0 XSS") is an XSS attack wherein the attack payload is executed as a result of modifying the DOM environment in the victim's browser used by the original client-side script, so that the client-side code runs in an unexpected manner.
DOM-based cross-site scripting (DOM XSS) is a web vulnerability, a subtype of cross-site scripting. Stored XSS attacks are those where the injected script is permanently stored on the target servers, such as in a database, a message forum, a visitor log, a comment field, etc. A DOM-based XSS attack is possible if the web application writes data to the Document Object Model without proper sanitization.
The Document Object Model is a convention used to represent and work with objects in an HTML document, as well as in other document types.
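
The fragment-to-DOM flow described above, as an added example that is not part of the original page: it shows that the URI fragment never reaches the server, and compares an unsanitized write with an encoded one. The URL, the `name` parameter and all function names are constructed for illustration, and the markup strings stand in for what a page would assign to `innerHTML`.

```javascript
// Added illustration. The URL, parameter and function names are constructed.
const SAMPLE_URL =
  "https://shop.example/welcome.html?lang=en#name=<b>injected</b>";

// What the server sees: the fragment (everything after '#') is never sent
// in the HTTP request, so server logs and responses are unchanged by it.
function requestTarget(url) {
  const u = new URL(url);
  return u.pathname + u.search;
}

// What client-side script sees when it parses the fragment.
function fragmentParam(url, key) {
  const fragment = new URL(url).hash.slice(1); // drop the leading '#'
  return new URLSearchParams(fragment).get(key); // percent-decodes the value
}

// Vulnerable pattern: user-supplied text concatenated into markup that a
// page would then assign to innerHTML or pass to document.write.
function greetingMarkupUnsafe(name) {
  return "<p>Hello, " + name + "</p>";
}

// Hardened pattern: encode HTML metacharacters before building markup.
// In a browser, assigning the raw value to element.textContent avoids
// building markup at all.
const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}
function greetingMarkupSafe(name) {
  return "<p>Hello, " + escapeHtml(name) + "</p>";
}

// Rough check for a test harness: count element start tags in the output.
// More than the template's own single <p> means input became markup.
function countStartTags(markup) {
  return (markup.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

const supplied = fragmentParam(SAMPLE_URL, "name");
console.log("server sees:  ", requestTarget(SAMPLE_URL));
console.log("unsafe markup:", greetingMarkupUnsafe(supplied));
console.log("safe markup:  ", greetingMarkupSafe(supplied));
```

The tag-count check is only a coarse regression test for a template; it is not a sanitizer.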