Cross Site Scripting (XSS)

Cross Site Scripting (XSS) happens whenever an application takes untrusted data and sends it to the client (browser) without validation. This allows attackers to execute malicious scripts in the victim's browser, which can result in hijacked user sessions, defaced web sites, or the user being redirected to malicious sites.

Types of XSS

Stored XSS - Stored XSS, also known as persistent XSS, occurs when user input is stored on the target server (in a database, message forum, comment field, etc.) and later served back to victims when they retrieve the stored data from the web application.

Reflected XSS - Reflected XSS, also known as non-persistent XSS, occurs when user input is immediately returned by a web application, for example in an error message or a search result, or when input provided by the user as part of the request is echoed back, without the user-provided data being permanently stored.

DOM Based XSS - DOM Based XSS is a form of XSS in which the source of the data is in the DOM, the sink is also in the DOM, and the data flow never leaves the browser.

Example

The application uses untrusted data (the query parameter) when constructing the page without validating it. The special characters in that data ought to be escaped before it is written into the HTML.

http://www.webpage.org/task/Rule1?query=try

The attacker modifies the query parameter in their browser to:

http://www.webpage.org/task/Rule1?query=<h3>Hello from XSS"</h3>