DOM-based XSS also called as type-0 XSS, this vulnerability allows an attacker to craft a malicious URL and if the URL visited by another user, then the javascript will be executed in the user’s browser. It allows an attacker to steal victim’s session token, login credentials, performing arbitrary actions and to capture the keystrokes.
Read full news article on GBHackers