
Types of XSS vulnerabilities

Sungyeon Kim 2024. 12. 9. 13:36

1. What is XSS?

- XSS (Cross-Site Scripting) is a type of security vulnerability that lets an attacker inject malicious scripts into webpages viewed by other users.

- Occurs when a web application does not properly validate user input.

 

2. Types of XSS vulnerabilities

 

1) Stored XSS

- The malicious script is permanently stored on the target server (e.g., in a database or comment field).

- When a user accesses the compromised page, the script executes in their browser.

 

2) Reflected XSS

- The malicious script is part of a URL or HTTP request sent to the server and immediately "reflected" back to the user.

- Victims typically need to click on a specially crafted link to trigger the attack.

 

3) DOM-based XSS

- The malicious script is executed directly in the browser, manipulating the DOM (Document Object Model) without involving the server.

- DOM: represents the structure of a webpage as a tree, allowing scripts (e.g., JavaScript) to dynamically access and manipulate the content, structure, and style of the webpage (e.g., through document.location, document.referrer, or window.name).
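
The three types above, shown side by side with their fix, as an added example that is not part of the original post. All function names, the example.test URL and the sample input are constructed for illustration; the fix shown is HTML output encoding for the stored and reflected cases and writing to textContent instead of innerHTML for the DOM-based case.

```javascript
// Added example; function names and sample inputs are constructed.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change HTML text or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// 1) Stored: the comment body was saved earlier and is rendered for every visitor.
function renderComment(comment, encode) {
  const body = encode ? escapeHtml(comment.body) : comment.body; // encode=false is the vulnerable form
  return `<li class="comment">${body}</li>`;
}

// 2) Reflected: the q parameter of the request URL is echoed into the response.
function renderSearch(requestUrl, encode) {
  const q = new URL(requestUrl).searchParams.get('q') ?? '';
  return `<p>Results for ${encode ? escapeHtml(q) : q}</p>`;
}

// 3) DOM-based: client-side script copies part of the URL into the page.
// `el` is any DOM element; innerHTML parses markup, textContent does not.
function showGreeting(el, locationHash, safe) {
  const name = decodeURIComponent(locationHash.replace(/^#/, ''));
  if (safe) el.textContent = name; // treated as text only
  else el.innerHTML = name;        // vulnerable sink: input is parsed as HTML
  return el;
}

const SAMPLE = '<script>alert(1)</script>'; // constructed test input

function demo() {
  const stored = { body: SAMPLE };
  const url = 'https://example.test/search?q=' + encodeURIComponent(SAMPLE);
  return {
    storedUnsafe: renderComment(stored, false),
    storedSafe: renderComment(stored, true),
    reflectedUnsafe: renderSearch(url, false),
    reflectedSafe: renderSearch(url, true),
    // A plain object stands in for a DOM element so this runs outside a browser.
    domSafe: showGreeting({}, '#' + encodeURIComponent(SAMPLE), true),
  };
}

console.log(demo());
```

In the unsafe outputs the script tag reaches the page as markup; in the safe ones it arrives as inert text.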