What is DOM XSS Scanner?

DOM XSS Scanner is an online tool that helps you find potential DOM-based cross-site scripting (XSS) vulnerabilities. To get started, enter a URL; the results page shows the source code of the corresponding resource with DOM XSS sources and sinks highlighted.

In addition, HTML and XML documents are searched for included external scripts (most likely JavaScript files), which are fetched in turn and also displayed on the results page.
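
A minimal version of the source/sink highlighting and external-script discovery described above, as an added example rather than the tool's own code. The pattern lists are a small illustrative subset chosen here, and `scanSource`, `externalScripts` and the sample page are constructed for this example.

```javascript
// Illustrative subset of patterns; the tool's actual pattern list is not shown on the page.
const SOURCES = /\b(?:location\.(?:hash|search|href|pathname)|document\.(?:URL|documentURI|referrer|cookie)|window\.name)\b/g;
const SINKS = /\b(?:eval|setTimeout|setInterval|document\.write(?:ln)?|insertAdjacentHTML)\s*\(|\.(?:innerHTML|outerHTML)\s*=(?!=)/g;

// Return one finding per match: { kind, line, match }, with 1-based line numbers.
function scanSource(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((lineText, i) => {
    for (const [kind, re] of [["source", SOURCES], ["sink", SINKS]]) {
      for (const m of lineText.matchAll(re)) {
        findings.push({ kind, line: i + 1, match: m[0].trim() });
      }
    }
  });
  return findings;
}

// Collect external script URLs from a document, resolved against the page URL.
// This is a regex approximation for review purposes, not a full HTML parser.
function externalScripts(html, baseUrl) {
  const urls = [];
  const re = /<script\b[^>]*\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  for (const m of html.matchAll(re)) {
    const raw = m[1] ?? m[2] ?? m[3];
    try { urls.push(new URL(raw, baseUrl).href); } catch { /* skip unparsable src */ }
  }
  return urls;
}

// Constructed sample page (not from a real site): reads a source, writes to a sink.
const SAMPLE = [
  '<html><head><script src="/js/app.js"></script>',
  "<script src='https://cdn.example/lib.js'></script></head><body>",
  '<div id="greet"></div><script>',
  '  var name = decodeURIComponent(location.hash.slice(1));',
  '  document.getElementById("greet").innerHTML = "Hi " + name;',
  '</script></body></html>',
].join("\n");

console.log(scanSource(SAMPLE));
console.log(externalScripts(SAMPLE, "https://site.example/page"));
```

A match only marks a line for manual review: whether data actually flows from the source to the sink still has to be confirmed by reading the code.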


What is DOM Based XSS?

DOM Based XSS (or as it is called in some texts, “type-0 XSS”) is an XSS attack wherein the attack payload is executed as a result of modifying the DOM “environment” in the victim’s browser used by the original client side script, so that the client side code runs in an “unexpected” manner. That is, the page itself (the HTTP response that is) does not change, but the client side code contained in the page executes differently due to the malicious modifications that have occurred in the DOM environment.

Source: OWASP DOM based XSS