Attacks and Threats

What is DOM-based XSS?

In a document object model (DOM)-based Cross-site scripting (XSS) attacks (sometimes called “type-0 XSS”), the threat actor’s payload is executed as a result of modifications to the DOM environment in the victim’s browser, which was used by the original client side script. As a result, the client side code runs differently than it was originally designed to. The page itself doesn’t change, but the client side code on the page executes differently due to the malicious DOM environment modifications.