GitHub - qeeqbox/dom-based-cross-site-scripting: A threat actor may inject malicious content into HTTP requests. The content is not reflected in the HTTP response and executed in the victim's browser.
![OWASP Top 10 : Cross-Site Scripting #2 DOM Based XSS Injection and Mitigation - Penetration Testing and CyberSecurity Solution - SecureLayer7 OWASP Top 10 : Cross-Site Scripting #2 DOM Based XSS Injection and Mitigation - Penetration Testing and CyberSecurity Solution - SecureLayer7](http://blog.securelayer7.net/wp-content/uploads/2017/01/DOM-XSS-3.png)
OWASP Top 10 : Cross-Site Scripting #2 DOM Based XSS Injection and Mitigation - Penetration Testing and CyberSecurity Solution - SecureLayer7
![javascript - Is this codes usage of document.location.toString() a DOM based XSS vulnerability? - Information Security Stack Exchange javascript - Is this codes usage of document.location.toString() a DOM based XSS vulnerability? - Information Security Stack Exchange](https://i.stack.imgur.com/6L5xE.png)