DOM XSS
DOM XSS occurs when client-side code reads untrusted data from sources such as URLs, fragments, cookies, or local storage and writes it into dangerous browser sinks without proper sanitization. Unlike traditional XSS, the vulnerable behavior often exists in JavaScript rather than the server response. This vulnerability can allow attackers to execute scripts, manipulate page behavior, steal sensitive data, or perform actions within the victim’s browser session.
URL / Client Input Read → JavaScript Processes Unsafely → DOM Modified → Script Executes → Safe DOM Handling Applied
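The flow above, shown as an added example that is not code from the original page: a value read from the URL fragment reaches the innerHTML sink in the first renderer, and the second applies safe DOM handling (allow-list check, then textContent). The element id "greeting", the fragment-carried display name, the example URL and all function names are assumptions made for illustration.

```javascript
// Added example: one DOM XSS source-to-sink flow and its fix.
// Assumptions (hypothetical): an element with id "greeting" and a display
// name carried in the URL fragment, e.g. https://app.example/#Ada

// Source: the URL fragment, which anyone who crafts the link controls.
function readNameFromFragment(loc) {
  const raw = loc.hash.startsWith("#") ? loc.hash.slice(1) : loc.hash;
  try {
    return decodeURIComponent(raw);
  } catch (e) {
    return ""; // malformed percent-encoding: treat as no input
  }
}

// VULNERABLE: untrusted text is assigned to innerHTML, so the browser
// parses it as markup and the input can change the structure of the DOM.
function renderGreetingUnsafe(doc, loc) {
  const el = doc.getElementById("greeting");
  el.innerHTML = "Hello, " + readNameFromFragment(loc);
  return el;
}

// HARDENED: accept only letters, digits and a few punctuation marks,
// then write through textContent, which never parses its value as markup.
const NAME_PATTERN = /^[\p{L}\p{N} .'-]{1,40}$/u;

function renderGreetingSafe(doc, loc) {
  const el = doc.getElementById("greeting");
  const name = readNameFromFragment(loc);
  el.textContent = "Hello, " + (NAME_PATTERN.test(name) ? name : "guest");
  return el;
}
```

In a browser, call renderGreetingSafe(document, location); both renderers take the document and location as parameters so they can also be exercised outside a browser.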
