1

Is this code vulnerable to DOM based XSS?

The application is using jQuery 1.12.4 and i noticed that Data is read from window.location.hash and passed to $() via the following statements:

var target_ = window.location.hash.substr(1); $('html, body').animate({ scrollTop: $("." + target_).offset().top - $(".site-header").outerHeight() }, 1000);

What payload could I use to trigger an alert box or execute any JS code? Is this code vulnerable or 100% safe?

Improve this question
0

    1 Answer 1

    Reset to default
    1

    The code snippet you shared above is not vulnerable to DOM-based XSS. jQuery version 1.12.4 is not affected by the selector XSS bug. I highly recommend using http://research.insecurelabs.org/jquery/test/ to determine if a specific version of jQuery is affected by any publicly-disclosed vulnerabilities.

    enter image description here

    Improve this answer

      Start asking to get answers

      Find the answer to your question by asking.

      Ask question

      Explore related questions

      See similar questions with these tags.