clientside-js

Community Favorite
profile photo of Vasilii ErmilovVasilii Ermilov
Author
17,361
Download Count*

Most common clientside JavaScript XSS vulnerabilities

Run Locally

Tags

Rules (6)

profile photo of returntocorpreturntocorp

Detected possible DOM-based XSS. This occurs because a portion of the URL is being used to construct an element added directly to the page. For example, a malicious actor could send someone a link like this: http://www.some.site/page.html?default=<script>alert(document.cookie)</script> which would add the script to the page. Consider allowlisting appropriate values or using an approach which does not involve the URL.