W-XSS-DOMImpact

DOM-Based XSS

Sink (innerHTML / location / eval) reads from a user-controlled source (location.hash, postMessage) without sanitization.

§ Where this technique fits

W-XSS-DOM is catalogued under the Impact tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 3 on average.

§ Dossiers chaining this technique

WebView XSS → JS bridge → native code exec
WebView loads partially-attacker-controlled content (e.g. injected referral param) and exposes addJavascriptInterface — XSS in the page calls the bridge to run app-level code.
step 3 / 5

§ What commonly comes next

01
Android Deeplink / Intent Abuse
MOB-DEEPLINK-ABUSE · Initial Access
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

WebView XSS → JS bridge → native code exec

§ What commonly comes next