Burp Suite User Forum

Cross site scripting (DOM based message)

Arslan | Last updated: Jan 14, 2020 07:07AM UTC

The application may be vulnerable to DOM-based cross-site scripting. Data is read from location and passed to jQuery() via the following statement: jQuery(location).attr('href').split("//")[1]; How is this vulnerable?

Liam, PortSwigger Agent | Last updated: Jan 14, 2020 01:43PM UTC

Would it be possible to send the request, response, and full issue detail to us via email? (support@portswigger.net)

You need to Log in to post a reply. Or register here, for free.