Verizon patched late last year persistent- DOM-based cross-site scripting vulnerabilities in its Message+ messaging client that could allow an attacker to control a user’s session.

This new security feature was developed with the intent to protect users against one of the three types of cross-site scripting flaws --namely DOM-based (or type-0) XSS.

While solutions for preventing server-side XSS are well known, DOM-based Cross-Site Scripting (DOM XSS) is a growing problem. The challenge is that XSS is easy to introduce, but challenging to detect.

DOM-based attacks are a misunderstood, serious, and pervasive source of risk in contemporary web applications. The language that drives the web, JavaScript, is easy to understand and hard to master; ...

Cross-site scripting attacks can leave private, critical information vulnerable to cyberattackers. Learn more about XSS attacks and how you can prevent them.