Nexpose Vulnerability Database
- Try searching for a product or vendor.
- Only vulnerabilities that match all search terms will be returned.
- Enclose search terms in double quotes for an exact search.
- For CVE searches, only enter the CVE-YYYY-XXXX code.
Get Nexpose now
Search vulnerabilities with Rapid7's vulnerability management solutionFREE DOWNLOAD
DOM-based Cross Site Scripting Vulnerability
|Severe (5)||6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)||Oct 31, 2006||Oct 31, 2006||Jan 28, 2011|
var loc = document.location + '?gotoHomepage=1'; document.write('<a href="' + loc + '">Home</a>');
An exploit script can be made to:
- access other sites inside another client's private intranet.
- steal another client's cookie(s).
- modify another client's cookie(s).
- steal another client's submitted form data.
- modify another client's submitted form data (before it reaches the server).
- submit a form to your application on the user's behalf which modifies passwords or other application data
The two most common methods of attack are:
- Clicking on a URL link sent in an e-mail
- Clicking on a URL link while visiting a website
In both scenarios, the URL will generally link to the trusted site, but will contain additional data that is used to trigger the XSS attack.
Note that SSL connectivity does not protect against this issue.
Get your solution now
Fix DOM-based Cross Site Scripting Vulnerability
- The document.write() function
- The document.writeln() function
- The execScript() function, which works similarly to eval()
- The setInterval(), setTimeout(), and navigate() functions
- The .innerHTML property of a DOM element
- Certain CSS properties which allow URLs such as .style, .backgroundImage, .listStyleImage, etc.
Any data which is derived from data under the client's control (e.g. request parameters, headers, query parameters, cookie names and values, the URL of the request itself, etc.) should be escaped before being used. Examples of user-controlled data include document.location (and most of its properties, e.g. document.location.search), document.referrer, cookie names and values, and request header names and values.
Download our vulnerability management solution, Nexpose, for free today. Scan 100% of your infrastructure for vulnerabilities, understand your risk exposure, compare and prioritize your vulnerabilities and verify that they are remediated.