Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Cross site scripting (DOM based message)

Arslan Jan 14, 2020 07:07AM UTC

The application may be vulnerable to DOM-based cross-site scripting. Data is read from location and passed to jQuery() via the following statement:
jQuery(location).attr('href').split("//")[1];


How is this vulnerable?


Liam Tai-Hogan Jan 14, 2020 04:10PM UTC Support Center agent

Would it be possible to send the request, response, and full issue detail to us via email? (support@portswigger.net)


Post Your public answer

Your name
Your email address
Answer