Configuration: XSS via Domain Takeover
Identifier:
frontend_xss_via_domain_takeover
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description
XSS via domain takeover occurs when attackers take control of trusted domains due to misconfigurations, outdated services, or DNS issues, allowing them to inject harmful scripts that run automatically when users visit affected pages.
How we test: We check DNS records and subdomain configurations to detect if domains are vulnerable to takeover. We verify if external domains referenced in applications are properly secured and if DNS settings are correctly configured to prevent unauthorized domain control that could lead to XSS attacks.
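A simplified version of this check, run against your own pages, is shown here as an added example; it is not the scanner's implementation. The function names, the injectable `resolves` callback, and the sample hosts are assumptions constructed for illustration.

```python
import socket
from html.parser import HTMLParser
from urllib.parse import urlparse

class ScriptHostParser(HTMLParser):
    """Collect hostnames from absolute and protocol-relative <script src> URLs."""
    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        try:
            host = urlparse(dict(attrs).get("src") or "").hostname
        except ValueError:  # malformed URL in src, nothing to resolve
            return
        if host:  # relative paths have no hostname and are skipped
            self.hosts.add(host.lower().rstrip("."))

def system_resolves(host):
    """Default resolver: True if the name resolves right now."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def dangling_script_hosts(html, page_host, resolves=system_resolves):
    """Map each script host that does not resolve to 'subdomain' or 'external'."""
    parser = ScriptHostParser()
    parser.feed(html)
    page_host = page_host.lower()
    findings = {}
    for host in sorted(parser.hosts):
        if resolves(host):
            continue
        own = host == page_host or host.endswith("." + page_host)
        findings[host] = "subdomain" if own else "external"
    return findings

# Constructed sample page and constructed resolver answers (runs offline).
SAMPLE_HTML = """
<script src="/static/app.js"></script>
<script src="https://cdn.app.example/lib.js"></script>
<script src="//legacy.app.example/old.js"></script>
<script src="https://old-analytics.example/t.js"></script>
"""
SAMPLE_DNS = {"cdn.app.example": True, "legacy.app.example": False,
              "old-analytics.example": False}
```

Calling `dangling_script_hosts(SAMPLE_HTML, "app.example", SAMPLE_DNS.get)` flags the two script hosts that no longer resolve. A name that still resolves can also be at risk (for example a CNAME left pointing at a deprovisioned service), so an empty result is one signal, not proof of safety.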
Configuration
Example
Example configuration:
Reference
skip
Type: boolean
Skip the test if true.