DOM-Based XSS
I got a notification from Burp Scanner as:
The application may be vulnerable to DOM-based cross-site scripting. Data is read from document.URL and passed to the 'prepend()' function of JQuery via the following statement:
$("body:not(...").prepend('<div clas...' + document.URL.substr(0, document.URL.indexOf("?")) + '> ...')
But I don't understand how to exploit this. Help me out with this.
From the code snippet you’ve provided, this looks like it could be a valid issue.
You’ll need to submit your payload into the query string.
It’s also worth noting that this exploit might only work using Edge or IE.
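
For the remediation side of this finding, an added example (not part of the original thread or of the scanned application): the flagged pattern of concatenating URL text into markup, next to a hardened form. The scanner output elides the real markup, so the `page-url` class, the `data-src` attribute and all function names are assumptions, and the sample URL is constructed.

```javascript
// Added example. All names and the attribute layout are hypothetical,
// because the scanner output elides the application's real markup.

// Part of the URL before the query string. The flagged code uses
// substr(0, indexOf("?")), which returns "" when the URL has no "?".
function pagePath(url) {
  const q = url.indexOf("?");
  return q === -1 ? url : url.slice(0, q);
}

// Encode the characters that can close an attribute value or open a tag.
function escapeAttr(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Pattern of the flagged statement: URL text becomes part of the HTML
// string, so markup characters in the URL are parsed as markup.
function unsafeMarkup(url) {
  return '<div class="page-url" data-src=' + pagePath(url) + "> ...</div>";
}

// Hardened form: quoted attribute value plus encoding of the URL text.
function safeMarkup(url) {
  return '<div class="page-url" data-src="' + escapeAttr(pagePath(url)) + '"> ...</div>';
}

// In the browser, avoid string-built HTML altogether and let jQuery set
// the value as data rather than markup:
//   $("<div>").attr("data-src", pagePath(document.URL)).prependTo("body");

// Constructed sample URL containing markup characters before the "?".
const sample = 'http://example.test/a"><i>x?y=1';
console.log(unsafeMarkup(sample)); // the <i> tag survives as markup
console.log(safeMarkup(sample));   // the same characters arrive encoded
```
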