XSS Protection ModSecurity Type 0 Attacks and Impacts

DOM-based (type 0) XSS does not require sending malicious code to the server, and therefore it can also use static HTML pages as an attack vector. The following is an example of a dummy attack line:

http://www.xssed.edu/home.html#<script>alert("XSS")</script> 

I know that ModSecurity offers protection against XSS attacks in PDF files, which are considered type 0 attacks; however, my question is whether ModSecurity prevents this type of XSS in general and, in your opinion, what the consequences of this vulnerability are.

+3
1 answer

- . Type-0 XSS , XSS, , , WAF. -0 XSS - , . , WAF ​​, - , , , , .

0
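
An added example (not part of the original question or answer) of why the URL in the question never reaches a server-side filter: the fragment is left off the request line, so only code running in the page sees it. The `SCRIPT_TAG` pattern is a constructed stand-in for a WAF rule, not an actual ModSecurity rule, and `queryUrl` is a constructed comparison case.

```javascript
// Constructed stand-in for a server-side filter pattern (not a real ModSecurity rule).
const SCRIPT_TAG = /<\s*script\b/i;

// What the browser puts on the HTTP request line: path + query only.
// Everything after '#' stays in the browser and is never transmitted.
function requestTarget(rawUrl) {
  const u = new URL(rawUrl);
  return u.pathname + u.search;
}

// Undo percent-encoding the way a filter normalises input before matching.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

// True if a filter inspecting the request target would match the pattern.
function serverSideFilterMatches(rawUrl) {
  return SCRIPT_TAG.test(safeDecode(requestTarget(rawUrl)));
}

// What page script reading location.hash would receive.
function fragmentSeenByPage(rawUrl) {
  return safeDecode(new URL(rawUrl).hash.slice(1));
}

// Client-side mitigation: escape before writing into markup
// (in a browser, assigning to textContent achieves the same result).
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, c => map[c]);
}

// URL from the question, and a constructed query-string variant for comparison.
const fragmentUrl = 'http://www.xssed.edu/home.html#<script>alert("XSS")</script>';
const queryUrl = 'http://www.xssed.edu/home.html?q=<script>alert("XSS")</script>';

for (const url of [fragmentUrl, queryUrl]) {
  console.log('request target :', requestTarget(url));
  console.log('filter matches :', serverSideFilterMatches(url));
}
console.log('page receives  :', fragmentSeenByPage(fragmentUrl));
console.log('escaped output :', escapeHtml(fragmentSeenByPage(fragmentUrl)));
```
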

Source: https://habr.com/ru/post/1779463/

