What are Cross-Site Scripting Attack and Types of its Vulnerabilities

Cross-Site Scripting (XSS)

Cross-Site Scripting is also called as XSS. To understand the XSS you need to know SOP (same origin policy) which prohibits websites to bring back the content from the web pages with a different source. When it disallows access to cross-origin content, random websites with different origin cannot read or modify the data of Facebook or PayPal account while you are logged in.

XSS is a common attack vector; it attacks a malicious code into an accessible web page application.. It doesn't target the web pages directly & differs from other web attack vectors like SQL injections. It is a way of bypassing the SOP concept, whenever the HTML code is generated directly, the user input is not sanitized, and it is represented on the web page that the attacker could insert its HTML code.

In such condition, an attacker can quickly add the JavaScript code and which would run under website's context. After doing such thing, the attacker will be able to access other web pages on the same domain and read website's data like CSRF-Tokens and set cookies. The attacker can read all the private information from the web page like CSRF Tokens and make a request on behalf of the user and pretend as a victim.

Types of XSS vulnerability

These are of three types i.e. Stored, Reflected and DOM XSS.

Stored XSS vulnerability

It happens when the payload is stored like when it is saved in a database, and then it is executed when it opens the user opens the web page. It is a quite dangerous vulnerability for some reasons. For example, a payload is not visible in the Web browser's XSS filter. If the users visit the affected page, they might accidently trigger the payload.

Reflected XSS vulnerability

Such action takes place when the user input from an URL or POST data is reflected on the web page without being stored. It means the attacker has to send the post form or a crafted link to the victim to insert the payload and it is obligatory for the victim to click the link. Such factors are being found b the built in browsers.

DOM Based XSS vulnerability

DOM Based XSS vulnerabilities take place in DOM (Document Object Model) instead of HTML section. Impacts of XSS vulnerabilities vary from the ranges of Session Hijacking to CSRF attacks, a disclosure of sensitive data.

The author likes to write on various topics which can give you useful knowledge and suggestions so that you can provide professional web development services to your clients.