I used to think if a device is not exposed to the public internet, it is safe, because bad actors cannot access them as it has…
PHP is one of the widely used languages for web development (more than 60%) which makes it one of the most targeted ones.
Also, PHP websites are common in CTFs because it is easy to write vulnerable code in PHP.
DOM clobbering is a technique to escalate HTML injection to XSS which has a high impact.