DOM Cross Site Scripting
Variants:
Direct
Also Known As:
DXSS
Vector Type:
Attack
Relevance:
Generic
Layer:
Application-Level
Platforms:
Any
Target Type:
Web Application
Affected Mechanisms:
Invented In:
01/01/2005
Added In:
10/12/2014
Quick Introduction to the Topic:
Vector Operation Method:
JavaScript and VBScript code that insecurely embeds user-controlled content in the DOM or in dynamically generated content can be abused by attackers to present attacker-controlled scripts to legitimate application users. This allows the attackers to bypass the browser same-origin policy in order to steal users' credentials, cookies and sensitive information, and to perform operations on behalf of the attacked users without their consent or knowledge.
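The pattern described above can be found in code review by tracing user-controlled values into DOM-writing calls. The following is an added example, not code from this entry: the function name findDomXss, the short source and sink lists, and the constructed SAMPLE script are all assumptions chosen for illustration and are not exhaustive.

```javascript
// Added example: line-based check for user-controlled data reaching a DOM sink.
// SOURCES and SINKS are a small assumed subset of what a real reviewer tracks.
const SOURCES = /\b(?:location\.(?:hash|search|href)|document\.(?:URL|referrer)|window\.name)\b/;
const SINKS = /\.(?:innerHTML|outerHTML)\s*\+?=(?!=)|\bdocument\.write(?:ln)?\s*\(|\beval\s*\(/;
const ASSIGN = /\b(?:var|let|const)\s+([A-Za-z_]\w*)\s*=(?!=)\s*(.+)/;

function findDomXss(code) {
  const tainted = new Set(); // variable names that hold user-controlled data
  const findings = [];
  // An expression is tainted if it reads a source or a tainted variable.
  const isTainted = (expr) =>
    SOURCES.test(expr) ||
    [...tainted].some((v) => new RegExp("\\b" + v + "\\b").test(expr));

  code.split("\n").forEach((text, i) => {
    const line = text.trim();
    if (line.startsWith("//")) return; // skip whole-line comments
    // Propagate taint through simple declarations: var x = <tainted expr>;
    const decl = ASSIGN.exec(line);
    if (decl && isTainted(decl[2])) tainted.add(decl[1]);
    // Report a sink only when the value written to it is tainted.
    const sink = SINKS.exec(line);
    if (sink && isTainted(line.slice(sink.index + sink[0].length))) {
      findings.push({ line: i + 1, code: line });
    }
  });
  return findings;
}

// Constructed sample script: lines 3 and 5 embed user-controlled content as
// markup; line 4 is the hardened form of line 3 (textContent never parses HTML).
const SAMPLE = [
  'var name = decodeURIComponent(location.hash.slice(1));',
  'var greeting = "Hello, " + name;',
  'document.getElementById("a").innerHTML = greeting;',
  'document.getElementById("b").textContent = greeting;',
  'document.write("<p>Ref: " + document.referrer + "</p>");',
  'document.getElementById("c").innerHTML = "<b>static</b>";',
].join("\n");

for (const f of findDomXss(SAMPLE)) {
  console.log("line " + f.line + ": " + f.code);
}
```

The check only follows single-line declarations, so a clean result does not show that a script is safe; it is a triage aid for locating the lines to review and convert to non-parsing APIs such as textContent.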