Cross-Site Scripting - Reflected DOM-XSS
General Reflected DOM-XSS Report Requirements
Payloads should demonstrate access to the DOM where possible, for example by displaying document.domain or similar origin-bound data rather than a bare alert(1).
Screenshots should include successful XSS execution.
The full HTTP request(s) in which the payload is sent must be included, so the reflection point can be reproduced exactly.
A full PoC should be included in the report.
A snippet of the vulnerable code should be added to the Description section.
If authentication is required, please include credentials in your first step.
Please see this article for more information regarding Reflected DOM-XSS.
Template Contents
Title
Reflected DOM Based XSS on [SITE]
Description
Cross-Site Scripting (XSS) attacks involve the execution of untrusted user input in the context of an application. In a Reflected DOM-XSS, input that the server reflects into the response may on its own be harmless, but becomes script execution when client-side code subsequently processes it through an unsafe DOM sink (for example innerHTML or eval). The following report describes the Reflected DOM-XSS findings.
Vulnerable Code:
INSERT VULNERABLE CLIENT SIDE CODE HERE
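As an added illustration of what belongs in this field (this is constructed example code, not part of the template and not code from any particular target), the following Node.js snippet shows the pattern described above: the server reflects a search term into a JSON body and escapes only double quotes, and the client then hands the body to eval(). The names serverSearchResponse, clientParseVulnerable, clientParseFixed, demo and recordHit are assumptions; recordHit stands in for alert(1) so execution can be observed without a browser. In a real report this field holds the target's own client-side code.

```javascript
// Constructed simulation of a reflected DOM-XSS. Both "server" and "client"
// live in this file so it runs offline under Node.

// Constructed server side: reflects the search term into a JSON body.
// It escapes double quotes but forgets the backslash, so a backslash in
// the input neutralises the escaping of the quote that follows it. On its
// own this reflection is inert; it is the client-side sink that makes it
// exploitable.
function serverSearchResponse(term) {
  const escaped = term.replace(/"/g, '\\"');
  return '{"results":[],"searchTerm":"' + escaped + '"}';
}

// Constructed client side, vulnerable: the body is passed to eval(), so any
// input that breaks out of the JSON string runs as script in the page origin.
function clientParseVulnerable(body) {
  let searchResultsObj;
  eval('searchResultsObj = ' + body);
  return searchResultsObj;
}

// Constructed client side, fixed: JSON.parse never executes its input; a
// broken-out string simply fails to parse.
function clientParseFixed(body) {
  return JSON.parse(body);
}

// Constructed stand-in for alert(1): records whether script actually ran.
let payloadExecuted = false;
globalThis.recordHit = function () { payloadExecuted = true; return 0; };

// Run one request end to end and report what happened.
function demo(term, parse) {
  payloadExecuted = false;
  const body = serverSearchResponse(term);
  let error = null;
  try { parse(body); } catch (e) { error = e.name; }
  return { body, executed: payloadExecuted, error };
}

// Attacker input: \"-recordHit()}//  (the equivalent of \"-alert(1)}// )
// The backslash swallows the server's escaping of the quote, "-recordHit()
// closes the string, } closes the object, and // comments out the rest.
const payload = '\\"-recordHit()}//';
console.log(demo(payload, clientParseVulnerable)); // executed: true
console.log(demo(payload, clientParseFixed));      // executed: false, SyntaxError
```

The report should show the equivalent of this exchange for the real target: the request carrying the payload, the reflected response body, and the client-side line that consumes it.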
Impact
XSS results in attacker-controlled script being executed and rendered by the user's browser in the application's origin. As a result the following may occur:
Session cookies can be stolen where they are not marked HttpOnly, leading to account takeover
Untrusted script can read and modify the DOM, including form values, tokens and page content, and can issue requests to the application as the victim
Script execution in the application's origin can lead to a variety of other impacts, such as phishing via injected content or keystroke capture
Recommended Fix
Some general rules provided by OWASP:
Never insert untrusted data except in allowed locations
HTML encode before inserting untrusted data into HTML element content
Attribute encode before inserting untrusted data into HTML common attributes
JavaScript encode before inserting untrusted data into JavaScript data values
URL encode before inserting untrusted data into HTML URL parameter values
For more detailed information on these rules, see the OWASP XSS Prevention Cheat Sheet. Because the final sink in a Reflected DOM-XSS is client-side code, the encoding must match the context of that sink, and the OWASP DOM based XSS Prevention Cheat Sheet also applies: prefer APIs that treat reflected data as data (textContent, JSON.parse) over innerHTML or eval.
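The four encoding rules above map to four context-specific encoders. As an added example (this is not OWASP's reference implementation nor code from the page), the following Node.js snippet implements one encoder per context, a render() helper that places a constructed payload into each context, and a safeRenderTerm() helper showing the DOM-sink side of the fix; all function names are assumptions. It also shows the DOM-XSS specific point that the JavaScript engine decodes a JavaScript-encoded value back to the original text, so that value is safe as a string but must not then be handed to innerHTML or eval.

```javascript
// Added example, not the page's own code: one encoder per insertion context.

// HTML element content: escape the five characters that can start markup or
// terminate a quoted value.
function htmlEncode(s) {
  return String(s).replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;',
  })[c]);
}

// HTML attribute values: encode everything except alphanumerics as &#xHH;
// so the value cannot break out regardless of how the attribute is quoted.
function attributeEncode(s) {
  return String(s).replace(/[^A-Za-z0-9]/gu, c =>
    '&#x' + c.codePointAt(0).toString(16) + ';');
}

// JavaScript string data values: \xHH for Latin-1, \uHHHH otherwise. The
// result can only ever be a string literal's contents, never code.
function jsEncode(s) {
  return String(s).replace(/[^A-Za-z0-9]/g, c => {
    const code = c.charCodeAt(0);
    return code < 256
      ? '\\x' + code.toString(16).padStart(2, '0')
      : '\\u' + code.toString(16).padStart(4, '0');
  });
}

// URL parameter values: percent-encoding via the platform encoder.
function urlEncode(s) {
  return encodeURIComponent(String(s));
}

// Place untrusted text into each of the four contexts using the matching
// encoder. The surrounding markup is the trusted template; only the encoded
// value is untrusted.
function render(untrusted) {
  return {
    element: '<p>' + htmlEncode(untrusted) + '</p>',
    attribute: '<input value="' + attributeEncode(untrusted) + '">',
    script: 'var term = "' + jsEncode(untrusted) + '";',
    url: '/search?q=' + urlEncode(untrusted),
  };
}

// For the DOM sink itself, prefer an API that treats input as data:
// textContent never parses markup, whereas innerHTML would. The element is
// any object with a textContent property (a constructed stand-in in tests).
function safeRenderTerm(element, term) {
  element.textContent = term;
  return element;
}

// Constructed payload that would break out of an unquoted/quoted attribute
// and inject a tag if inserted raw.
const payload = '"><img src=x onerror=alert(1)>';
console.log(render(payload));
```

Note that each encoder only protects the context it is written for: an HTML-encoded value dropped into a script block, or a JavaScript-encoded value later assigned to innerHTML, is still exploitable.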