id: dom-xss

info:
  name: DOM Cross Site Scripting
  author: theamanrawat,AmirHossein Raeisi
  severity: medium
  description: |
    Detects DOM-based Cross Site Scripting (XSS) vulnerabilities.
  impact: |
    Allows attackers to execute malicious scripts in the victim's browser.
  remediation: |
    Sanitize and validate user input to prevent script injection.
  tags: xss,dom,dast,headless
variables:
  num: "{{rand_int(10000, 99999)}}"
headless:
  - steps:
      - action: navigate
        args:
          url: "{{BaseURL}}"

      - action: waitload
    payloads:
      reflection:
        - "'\"><h1>{{num}}</h1>"

    fuzzing:
      - part: query
        type: postfix
        mode: single
        fuzz:
          - "{{reflection}}"

      - part: path
        type: postfix
        mode: single
        fuzz:
          - "{{reflection}}"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<h1>{{num}}</h1>"

      - type: word
        part: header
        words:
          - "text/html"
# digest: 490a0046304402206fa5454705d188cf783c45760ad511c36654ac75d130f768f1fb8b89c7eeccc30220394b14b699339d511ec656983ada13c1b84df671dbee5874b1fd854dd692b7a3:922c64590222798bb761d5b6d8e72950