| Feature | Reflected XSS | DOM-Based XSS |
|---|---|---|
| Execution Context | Server-side response includes malicious content | Client-side JavaScript executes malicious payload |
| Attack Mechanism | Injected script travels from web request to response | JavaScript modifies the DOM dynamically |
| Entry Point | URL query strings, form inputs, HTTP headers | DOM properties (e.g., document.URL, location.href) |
| Requires Server Interaction | Yes | No |
| Common Example | Malicious link shared via email or social media | JavaScript manipulating DOM elements on the client side |
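
The two data flows from the table, vulnerable and corrected, as an added example that is not part of the original post. The function names, the `shop.example` URLs, the stub element and the sample markup are constructed for illustration; it runs under Node.js, where a small stub stands in for a real DOM element.

```javascript
// Constructed sample input: harmless markup standing in for an injected payload.
const SAMPLE = '<u>injected</u>';

// Escape the HTML-significant characters for text and quoted-attribute contexts.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Reflected: the server copies a query parameter from the request into the response.
function renderResults(requestUrl, escape) {
  const q = new URL(requestUrl).searchParams.get('q') ?? '';
  return `<p>Results for ${escape ? escapeHtml(q) : q}</p>`;
}

// What the server (and its logs or WAF) receives: the fragment is never sent.
function serverVisiblePart(href) {
  const u = new URL(href);
  return u.pathname + u.search;
}

// Simplified stand-in for a DOM element (assumption: no browser available).
// Assigning textContent stores text, so reading innerHTML back shows it escaped.
function makeStubElement() {
  let html = '';
  return {
    get innerHTML() { return html; },
    set innerHTML(v) { html = String(v); },
    set textContent(v) { html = escapeHtml(v); },
  };
}

// DOM-based: client-side script reads the URL and writes it into the page.
function showName(el, href, safe) {
  const name = decodeURIComponent(new URL(href).hash.slice(1));
  if (safe) el.textContent = name; // inserted as text, never parsed as markup
  else el.innerHTML = name;        // parsed as HTML: the vulnerable sink
  return el.innerHTML;
}

const reflectedUrl = 'https://shop.example/search?q=' + encodeURIComponent(SAMPLE);
const domUrl = 'https://shop.example/welcome#' + encodeURIComponent(SAMPLE);
console.log(renderResults(reflectedUrl, false)); // markup reaches the response intact
console.log(renderResults(reflectedUrl, true));  // markup is escaped on output
console.log(serverVisiblePart(domUrl));          // the server never sees the fragment
console.log(showName(makeStubElement(), domUrl, false));
console.log(showName(makeStubElement(), domUrl, true));
```

Because the fragment never reaches the server, output escaping in server templates does not cover the DOM-based case; the fix there belongs in the client-side code that writes to the page.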
Thursday, March 6, 2025