Share on :
Cross-site Scripting (XSS) refers to client-side code injection attack wherein an attacker can execute malicious scripts (also commonly referred to as a malicious payload) into a legitimate website or web application.
here is some examples of damage can be caused by a successful XSS attack
Attacker may gain access to victim's cookie leading to account takeover or information extraction
Attacker can monitor victim's keyboard activity using addEventListener to spy on user (eg. Passwords, Text messages in a messaging app)
Attacker can make use of Victims processing power to make money (eg. crypto currencies mining)
XSS is classified into:
Reflected XSS attacks occur when an attacker sends to it's victim a specially crafted link that includes a malicious script which reflects off of a web application to the victim’s browser.
Stored XSS occurs when a web application gathers input from a user which might be malicious, and then stores that input in a data store for later use. The input that is stored is not correctly filtered.
DOM Based XSS (or as it is called in some texts, “type-0 XSS”) is an XSS attack wherein the attack payload is executed as a result of modifying the DOM “environment” in the victim’s browser.
Self XSS, is the XSS that runs only on the attacker own account. Or it executed by the victim himself on his browser.