Vulnerability Name: DOM based cross-site scripting on [Parameter] at [Domain name]
[Don't forget to add your vulnerability description, the one given above is general description]
Payload: [Malicious payload]
Steps to Reproduce: (Please change the steps according to the scenarios)
Go to the [URL].
Add the given payload in the Vulnerable [Parameter]
Reload the page.
You should get an alert with the domain name.
This is Dom based cross-site scripting.
Proof-of-concept: Snapshots or video link attached.
Gain access to users cookies, session IDs, passwords, private messages, etc
Read and access the content of a page for any attacked user and therefore all the information displayed to the user
Compromise the content shown to the user
Attack Scenario: Here in the above vulnerability the attacker might create a malicious payload which fetch's the session id of the user whoever clicks on the link, and pass that information to the attacker's server, this can lead to a session hijacking or account takeover on that domain.
[The above was a basic attack scenario you need to alter it according to the Workflow]
Remediation: To keep yourself safe from XSS, you must sanitize your input. Your application code should never output data received as input directly to the browser without checking it for malicious code.