Skip to content

Cross Site Scripting

XSS attacks are a type of injection in which malicious scripts are injected intro the webpages.
XSS attacks occur when an attacker uses a web application to send malicious code to a user in form of a browser side script.

Types of XSS

  • Reflected / Non-Persistence XSS

    • Occur when the data provided by a web client, most commonly in HTTP (Query Parameters) is used immediately by server side scripts to perform actions without properly sanitizing the request.
  • Stored / Persistence XSS

    • It occurs when the data provided by the attacker is saved by the server in a database or other storage medium.
    • The stored script then executes repeatedly on the server side.

Causes of XSS

  • Data enters a Web application through an untrusted source, most frequently a web request.
  • The data is included in dynamic content that is sent to a web user without being validated for malicious content.