This document discusses DOM cross-site scripting (XSS) vulnerabilities and a new tool called VSA that aims to find such vulnerabilities automatically. It notes that DOM XSS is difficult to detect because it occurs client-side, and that VSA claims to find many more vulnerabilities than traditional tools by running entirely in the browser, where the JavaScript executes. The document provides examples of top companies that have had DOM XSS issues found via bug bounty programs. It also includes a question about whether readers want VSA to scan their sites.