
thc202 edited this page Mar 7, 2018 · 6 revisions

DOM XSS Active Scan Rule

An Active Scan rule for detecting DOM XSS vulnerabilities.

It launches browser windows and sends attack payloads to all of the relevant DOM elements. As it launches browser windows it is not suitable for headless environments, and will take significantly longer than other (non browser based) rules.

This version only supports Firefox. Future versions may support other browsers.

The following Attack Strengths are supported, and relate directly to the number of attack payloads used for URL fragment injections (e.g. http://example.com/index.html?foo=bar#injection):

  • LOW: 3 attack payloads
  • MEDIUM: 5 attack payloads
  • HIGH: 7 attack payloads
  • INSANE: 9 attack payloads

The scanner will also attempt URL/query parameter injections which are not impacted by the selected strength.

The rule will only report one DOM XSS vulnerability per node, unless the LOW Alert threshold is used, in which case it will keep trying all of the specified payloads.
