Cross-Site Scripting (XSS)



Cross-Site Scripting (XSS) is a vulnerability that allows an attacker to execute client-side code (JavaScript) in the victim's browser, taking control of the user's actions on the vulnerable website. If the victim is a privileged user, this might compromise the website. XSS can steal the user's cookie to access the same session.

In an XSS attack, the attacker tries to inject malicious JavaScript into the user's browser. Depending on how the attacker injects the malicious script into the user's browser, XSS is classified into three categories.

Types of XSS:

  1. Reflected XSS (non-persistent)
  2. Stored XSS (persistent)
  3. DOM Based XSS
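
The first two categories differ only in where the untrusted value comes from, which the following added example (not code from the original page) shows with the unencoded rendering beside the output-encoded one, plus a session cookie marked HttpOnly so page script cannot read it. All function names and the sample input are assumptions made for illustration. DOM-based XSS is not shown because it happens entirely in browser-side script.

```javascript
// Added example: every name here (escapeHtml, handleSearch, ...) is hypothetical.

// Encode the five characters that let text break out of an HTML text
// node or a quoted attribute value.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Reflected (non-persistent): the value arrives in the current request
// and is echoed straight back in the response.
function handleSearch(query, encode) {
  const q = encode ? escapeHtml(query) : query;
  return `<p>Results for: ${q}</p>`;
}

// Stored (persistent): the value is saved server-side and rendered
// later to every user who views the page.
const comments = []; // in-memory stand-in for a database
function postComment(text) { comments.push(text); }
function renderComments(encode) {
  return comments.map((c) => `<li>${encode ? escapeHtml(c) : c}</li>`).join("");
}

// HttpOnly keeps the session cookie out of document.cookie, so an
// injected script cannot read it even if an encoding step is missed.
function sessionCookie(id) {
  return `sid=${encodeURIComponent(id)}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

// Constructed test input: a harmless marker script.
const SAMPLE = "<script>alert(1)</script>";

function demo() {
  comments.length = 0; // start from an empty store on every run
  postComment(SAMPLE);
  return {
    reflectedUnsafe: handleSearch(SAMPLE, false), // markup survives intact
    reflectedSafe: handleSearch(SAMPLE, true),    // rendered as inert text
    storedUnsafe: renderComments(false),
    storedSafe: renderComments(true),
    cookie: sessionCookie("constructed-session-id"),
  };
}

console.log(demo());
```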