Websites, for example, frequently reflect URL parameters in the server's HTML response. This is often connected with standard XSS, however it can also result in so-called reflected+DOM flaws.
XSS is commonly exploited by stealing cookies. For session management, most web apps employ cookies. Cross-site scripting vulnerabilities can be used to send the victim's cookies to your own domain, which you can then manually inject into your browser to impersonate the victim.
On a page, a DOM element is similar to a DIV, HTML, or BODY element. You can use CSS to apply classes to all of these, or you can use JS to interact with them.
Cyber Forensics Masterclass with Hands on learning