
XSS via Domain Takeover

Description

XSS via Domain Takeover occurs when an application loads scripts or other active content from a domain or subdomain that an attacker is able to take over: a registration that was allowed to lapse, a dangling DNS record (for example a CNAME still pointing at a cloud resource that was released and can be re-claimed by anyone), or a similar misconfiguration. Once the attacker controls that host, every <script src> reference to it in the application serves attacker-supplied JavaScript, which runs in the application's own origin. From there the attacker can hijack sessions, steal credentials, or replace page content with convincing phishing, and can also impersonate the domain itself (mail, links, certificates). No user interaction beyond normal use of the application is needed: every visitor to every page that includes the resource is affected, which is why the issue scores with UI:N and a high impact.

Remediation

  1. Remove or update DNS records that point to unused, expired or unclaimed targets (dangling CNAME, A/AAAA, NS and MX records), and keep an inventory of which pages load scripts from each external host.
  2. Implement strict access controls on DNS and registrar accounts and regularly audit domain ownership.
  3. Use domain registrar features like domain locking to prevent unauthorized changes.
  4. Regularly monitor and renew domain registrations to prevent expiration.
  5. Implement DNSSEC to protect the integrity of DNS records. Note that DNSSEC only prevents forged answers; it does not stop the takeover of a lapsed domain or of an unclaimed CNAME target.
  6. Pin third-party scripts with Subresource Integrity (the integrity attribute) and restrict script sources with a Content Security Policy, so that a taken-over host cannot execute modified JavaScript in the application's origin.
  7. Conduct regular security assessments to identify dangling references and potential domain vulnerabilities.
  8. Educate staff on the importance of domain security and best practices.
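
The following is an added example (not the scanner's own code) of the audit the description and remediation steps call for: it parses a page, collects every third-party host referenced by script, stylesheet/preload link and iframe tags, and reports those whose name no longer resolves, together with whether the reference is protected by Subresource Integrity. The sample page, the host names in it and the lookup table used as a resolver are constructed so the script runs offline; on a real page, drop the resolver argument and the default uses the system resolver.

```python
"""Audit a page's external script/stylesheet/frame references for hosts that
no longer resolve, i.e. names an attacker could register and then use to
serve JavaScript into this page. Example code added to this page; not part
of the scanner."""
from html.parser import HTMLParser
from urllib.parse import urlparse
import socket


class _ExternalRefs(HTMLParser):
    """Collect <script src>, <link rel=stylesheet|preload|modulepreload href>
    and <iframe src> references, noting whether each carries an integrity attribute."""

    def __init__(self):
        super().__init__()
        self.refs = []  # (tag, url, has_integrity)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        url = None
        if tag == "script":
            url = a.get("src")
        elif tag == "link" and a.get("rel", "").lower() in ("stylesheet", "preload", "modulepreload"):
            url = a.get("href")
        elif tag == "iframe":
            url = a.get("src")
        if url:
            self.refs.append((tag, url, "integrity" in a))


def host_resolves(host):
    """Default resolver: True if the name has any A/AAAA answer."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False


def find_dangling(html, page_host, resolver=host_resolves):
    """Return {host: [(tag, url, has_integrity), ...]} for every third-party
    host referenced by the page that the resolver cannot resolve.
    Same-origin and relative URLs (no host) are skipped."""
    parser = _ExternalRefs()
    parser.feed(html)
    dangling = {}
    for tag, url, sri in parser.refs:
        # urlparse handles protocol-relative "//host/path" as well as full URLs
        host = urlparse(url, scheme="https").hostname
        if not host or host.lower() == page_host.lower():
            continue
        if not resolver(host):
            dangling.setdefault(host, []).append((tag, url, sri))
    return dangling


# Constructed sample page: one same-origin script, one CDN script pinned with
# SRI, and a script + stylesheet from a vendor host that is no longer registered.
SAMPLE_PAGE = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.net/lib.js" integrity="sha384-AAAA"></script>
<script src="//assets.old-vendor.example/widget.js"></script>
<link rel="stylesheet" href="https://assets.old-vendor.example/widget.css">
<iframe src="https://help.example.com/embed"></iframe>
</head></html>
"""

# Constructed resolver table standing in for DNS; 'assets.old-vendor.example' is absent.
KNOWN_HOSTS = {"cdn.example.net", "help.example.com"}


def demo():
    """Run the audit against the constructed page with the constructed resolver."""
    return find_dangling(SAMPLE_PAGE, "www.example.com", resolver=lambda h: h in KNOWN_HOSTS)


if __name__ == "__main__":
    for host, refs in demo().items():
        for tag, url, sri in refs:
            if tag == "script" and not sri:
                risk = "attacker JS executes in this origin if the host is claimed"
            elif tag == "script":
                risk = "SRI mismatch would block the script; still remove the reference"
            else:
                risk = "attacker-controlled content (phishing, framing)"
            print(f"{host}: <{tag}> {url} -> {risk}")
```

A name that fails to resolve catches the expired-registration case. A dangling CNAME to a released cloud resource usually still resolves (to the provider's address), so for those you also need to follow the CNAME chain and check whether the target name is claimable at that provider; that provider-specific check is outside this example.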

Configuration

Identifier: configuration/xss_via_domain_takeover

Examples

Ignore this check

checks:
  configuration/xss_via_domain_takeover:
    skip: true

Score

  • Escape Severity:

Compliance

  • OWASP: API8:2023
  • OWASP LLM: LLM05:2023
  • pci: 6.1
  • gdpr: Article-32
  • soc2: CC9
  • psd2: Article-95
  • iso27001: A.12.6
  • nist: SP800-81-2
  • fedramp: SC-20

Classification

  • CWE: 284

Score

  • CVSS_VECTOR: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • CVSS_SCORE: 3.0