Thank you for your feedback! Just starting out, I naturally wanted to use vuln scanners and purely lazy ways of finding bugs, but doing that crap, Ive only been able to find false positives. I was mentioning doing csrf poc because i could target the drop down menu where the supposed bastard dom based xss is, according to burp, however, im not sure if xss could be done that way as i think its possible.
Thanks again for coming to the rescue on my questiins 