DOM-based cross-site scripting (DOM XSS) is a form of cross site scripting first noted by Amit Klein in July 2005 in his paper "DOM Based Cross Site Scripting or XSS of a Third King: A look at an overlooked flavor of XSS". In this paper, Amit argues that reflected typically refers to XSS that bounces off of a server, stored typically refers to XSS where the payload persists in a database - but there are also XSS attacks where the source and sink both reside inside of the browser and in the DOM. These attacks he denotes as DOM XSS.