Vasilii Ermilov
Most common clientside JavaScript XSS vulnerabilities

Rules (6)

semgrep

Detected possible DOM-based XSS. This occurs because a portion of the URL is being used to construct an element added directly to the page. For example, a malicious actor could send someone a link like this: <script>alert(document.cookie)</script>, which would add the script to the page. Consider allowlisting appropriate values or using an approach which does not involve the URL.
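
The pattern this rule describes, next to the allowlisted form the message recommends. This is an added example, not part of the ruleset or of Semgrep's own code; the "lang" query parameter, the example.test URLs and the allowlist contents are assumptions made for illustration. The functions return the markup rather than writing it to a page, so the block runs in Node as well as in a browser.

```javascript
// Assumed set of values the page legitimately accepts (constructed for this example).
const ALLOWED_LANGS = new Set(["en", "fr", "de"]);
const FALLBACK_LANG = "en";

// Flagged pattern: a piece of the URL is concatenated into markup that would
// then reach a sink such as document.write() or innerHTML.
function buildOptionUnsafe(href) {
  const lang = new URL(href).searchParams.get("lang") || "";
  return "<option value=\"" + lang + "\">" + lang + "</option>";
}

// Allowlisted form: the URL value only selects among known constants, so no
// URL-controlled characters ever reach the markup. A missing or unknown value
// falls back to the default.
function buildOptionAllowlisted(href) {
  const requested = new URL(href).searchParams.get("lang");
  const lang = ALLOWED_LANGS.has(requested) ? requested : FALLBACK_LANG;
  return "<option value=\"" + lang + "\">" + lang + "</option>";
}

// Constructed sample inputs: one ordinary link and one carrying the payload
// quoted in the rule message.
const benign = "https://example.test/page.html?lang=fr";
const crafted = "https://example.test/page.html?lang=" +
  encodeURIComponent("<script>alert(document.cookie)</script>");

for (const href of [benign, crafted]) {
  console.log("unsafe:     ", buildOptionUnsafe(href));
  console.log("allowlisted:", buildOptionAllowlisted(href));
}
```
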