I Am Found Vulnerability DNS-Misconfiguration-->Same-Site Scripting ,

Your website deals with security issues.

Description:-
This is also not an xss/JavaScript injection issue, but a DNS misconfiguration that bypasses the same domain policy and allows non-injected JavaScript from the local host to run in the context of pages served by the misconfigured domain.

Tavis Ormandy reported a common DNS misconfiguration that can result in a minor security issue with web applications.

"It's a common and sensible practice to install records of the form "localhost. IN A 127.0.0.1" into nameserver configurations, bizarrely however, administrators often mistakenly drop the trailing dot, introducing an interesting variation of Cross-Site Scripting (XSS) I call Same-Site Scripting. The missing dot indicates that the record is not fully qualified, and thus queries of the form "localhost.example.com" are resolved. While superficially this may appear to be harmless, it does in fact allow an attacker to cheat the RFC2109 (HTTP State Management Mechanism) same origin restrictions, and therefore hijack state management data."

Your localhost.example.com has address 127.0.0.1 and this may lead to "Same- Site" Scripting.

I can also ping the localhost network from localhost.example.com , as in the image attachment "PING TO LOCALHOST .example.com"
127.0.0.1 host localhost.example.com

The Impact of this Vulnerability :-

An attacker can cheat the RFC2109 (HTTP State Management Mechanism ) same origin restrictions, and therefore hijack State Management data.

Remediation :-
It is advised that non-FQ localhost entries be removed from nameserver configurations for domains that host websites that rely on HTTP state management.