“DOM-based XSS” is a cross-site scripting vulnerability that appears in the DOM (Document Object Model) rather than in the HTML. In reflected and stored XSS attacks, you can see the vulnerability payload in the response page. In DOM-based XSS, however, the attack payload cannot be found in the HTML source code of the response. It can only be observed at runtime or by inspecting the DOM of the page.
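The behaviour described above, as an added example that is not part of the original page: the server's response is identical for every request, and URL-derived markup only shows up in the DOM once client-side script writes it there. The page markup, the `name` fragment parameter, the function names and the `FakeElement` stand-in for a DOM element are assumptions of this example; the sample markup is constructed and harmless.

```javascript
// Added example, not from the original page. Runs in Node; no browser needed.

// Constructed: the static HTML the server returns for every request to test.html.
const SERVER_RESPONSE =
  '<div id="greeting"></div><script src="greet.js"></script>';

// Constructed URL. The fragment (after '#') is never sent to the server.
// The markup is harmless; it stands in for attacker-controlled input.
const SAMPLE_URL = 'http://www.example.com/test.html#name=<b>injected</b>';

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Hypothetical stand-in for a DOM element: innerHTML keeps markup as-is
// (a browser would parse it into nodes), textContent stores it as plain text.
class FakeElement {
  constructor() { this.html = ''; }
  set innerHTML(value) { this.html = String(value); }
  get innerHTML() { return this.html; }
  set textContent(value) {
    this.html = String(value).replace(/[&<>"']/g, (c) => ESCAPES[c]);
  }
}

// Source: read the "name" value out of the URL fragment, percent-decoded.
function nameFromFragment(url) {
  const fragment = new URL(url).hash.slice(1);
  return new URLSearchParams(fragment).get('name') ?? '';
}

// Vulnerable sink: URL-derived data is written into the DOM as HTML.
function greetVulnerable(el, url) {
  el.innerHTML = 'Hello ' + nameFromFragment(url);
}

// Hardened sink: the same data is written as text, so markup stays inert.
function greetSafe(el, url) {
  el.textContent = 'Hello ' + nameFromFragment(url);
}

// Compare what the server sent with what each sink leaves in the DOM.
function demo(url = SAMPLE_URL) {
  const vulnerable = new FakeElement();
  const safe = new FakeElement();
  greetVulnerable(vulnerable, url);
  greetSafe(safe, url);
  return {
    inServerResponse: SERVER_RESPONSE.includes('injected'),
    vulnerableDom: vulnerable.innerHTML,
    safeDom: safe.innerHTML,
  };
}
```

In a real browser the same contrast holds between assigning to `element.innerHTML` and assigning to `element.textContent`.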
Imagine the following page, “http://www.example.com/test.html”, contains the code below:
If you send an HTTP request like this,