Cross site scripting(XSS) is a technique that attackers use to insert malicious data into any request or browser-side script that an application sends to web browser.
Using XSS. attackers can:
- Deface websites
- perform phishing attacks.
- Inject malicious links into trusted web pages.
- Send confidential information to untrusted websites.
XSS Types:
1. Non-persistent XSS.
During a non-persistent XSS attack, the malicious XSS data is reflected to the targeted web browser. This causes the browser to display unexpected results. A non-persistent XSS attack usually occurs when a user clicks on a malicious link in a web browser or submits a form that contains malicious code.
2.Persistent XSS:
During a persistent XSS attack, the malicious XSS data is stored on the web server the target web browser interacts with.
3.DOM-based XSS:
A DOM-based XSS attack modifies the DOM environment of the page that is displayed in the targeted web browser. This does not affect the HTTP response generated by the page, so the appearance of the page remains unaltered. However, the client-side code associated with the page, exhibits unexpected beavior.
Top comments (0)