SecurityExplained/resources/vulnerable-code-38.md at main · harsh-bothra/SecurityExplained · GitHub

SecurityExplained S-51: Vulnerable Code Snippet - 38

Vulnerable Code:

Solution:

The code is vulnerable to DOM-based XSS and allows execution of XSS using "s" parameter using payloads like: x'onmouseover=alert(1)//

Twitter Thread: https://twitter.com/harshbothra_/status/1495224184611524608

Code Credits: @Brumens2