== Reflected and DOM-Based XSS

DOM-based XSS is another form of reflected XSS. Both are triggered by sending a link with inputs that are reflected to the browser.
The difference between DOM and 'traditional' reflected XSS is that, with DOM, the payload will never go to the server.  It will only ever be processed by the client.


* Attacker sends a malicious URL to victim
* Victim clicks on the link
* That link may load a malicious web page or a web page they use (are logged into?) that has a vulnerable route/handler
* If it's a  malicious web page, it may use it's own JavaScript to attack another page/url with a vulnerable route/handler
* The vulnerable page renders the payload and executes attack in the user's context on that page/site
* Attacker’s malicious script may run commands with the privileges of local account

*Victim does not realize attack occurred* ... Malicious attackers don't use &lt;script&gt;alert('xss')&lt;/ script&gt;