Posts

Showing posts from June, 2026

Cross-Site Scripting (XSS)

Introduction

Cross-Site Scripting (XSS) is a web security vulnerability that allows an attacker to inject malicious code, usually JavaScript, into a web page viewed by other users. The vulnerability happens when an application takes untrusted input and includes it in a page without properly encoding or sanitizing it first. When the browser receives the response, it treats the malicious code as legitimate content coming from the trusted website and executes it. Depending on the application, XSS can be used to steal session cookies, impersonate users, modify page content, or perform actions on behalf of the victim.

Reflected XSS

Reflected XSS happens when user input is immediately returned in the server response without proper encoding. A common example is a search page.

Request

/search?q=laptop

Response

You searched for: laptop

If the application simply prints the value without encoding it, an attacker could...