Arvind | Last updated: Feb 27, 2024 01:40PM UTC

I am doing penetration testing of an application. Burp shows it is vulnerable to DOM-based XSS. Basically, I went to the source code page in a browser and, in inspect element, I entered an XSS payload in “window.location.href”, and the payload got executed on that page. But it is not a persistent one; once I refresh the page, the payload vanishes. Is this attack a valid DOM-based XSS?

Hannah, PortSwigger Agent | Last updated: Feb 28, 2024 11:34AM UTC

Hi,

You may want to check out our Web Security Academy topic on DOM-based XSS. You can find this here:

- https://portswigger.net/web-security/dom-based
- https://portswigger.net/web-security/cross-site-scripting/dom-based

