Cross-site scripting (DOM-based)
I got he following issue on my app:
"The application may be vulnerable to DOM-based cross-site scripting. Data is read from window.location.hash and passed to $()."
"Data is read from window.location.hash and passed to $() via the following statement:
$('a[href="' + window.location.hash + '"]').click();"
Thanks in advance
Please find the methodology for testing DOM-based XSS here: https://support.portswigger.net/customer/portal/articles/2325926-Methodology_Attacking%20Users_XSS_Using%20Burp%20Scanner%20To%20Find%20DOM%20XSS.html