XSS is a type of attack that injects and executes arbitrary JavaScript from an untrusted source in the context of a trusted website. XSS attacks occur when an attacker discovers a vulnerable parameter within a web application that renders dynamic content back to the user without validating or output-encoding its characters. XSS attacks use the browser to transport attack payloads, since the browser believes the code is trusted.
There are three types of XSS vulnerabilities: reflective (most common), stored, and DOM-based. Reflective XSS vulnerabilities arise when parameter data is copied and echoed back into the application's response without sanitizing its content. Stored XSS vulnerabilities arise when an application allows parameter input data to be stored in the application's database for later use. Document Object Model (DOM) XSS vulnerabilities occur when data from a parameter is fed into a DOM element via a JavaScript function.
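The reflective case described above, shown as an added example that is not part of the original page: the same response template is built once with the parameter echoed unchanged and once with validation and output encoding applied. The function names, the `q` parameter, the allow-list policy and the sample inputs are assumptions made for illustration.

```javascript
// Added example. Function names and the "q" parameter are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Output encoding for HTML text nodes and quoted attribute values.
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input validation: allow-list of letters, digits, space, "_", "." and "-" (assumed policy).
function isValidSearchTerm(value) {
  return /^[\p{L}\p{N} _.-]{1,64}$/u.test(value);
}

// Read the (hypothetical) "q" parameter from a raw query string.
function getQuery(queryString) {
  return new URLSearchParams(queryString).get('q') ?? '';
}

// Vulnerable: the parameter is copied into the response unchanged.
function renderSearchVulnerable(queryString) {
  const q = getQuery(queryString);
  return `<p>Results for: ${q}</p><input name="q" value="${q}">`;
}

// Hardened: the same template, with the value encoded at the point of output.
function renderSearchEncoded(queryString) {
  const q = encodeHtml(getQuery(queryString));
  return `<p>Results for: ${q}</p><input name="q" value="${q}">`;
}

// Validate first, and still encode whatever is written into the response.
function handleSearch(queryString) {
  if (!isValidSearchTerm(getQuery(queryString))) {
    return { status: 400, body: '<p>Invalid search term.</p>' };
  }
  return { status: 200, body: renderSearchEncoded(queryString) };
}

// Constructed sample inputs (not from the original page).
const SAMPLE_MARKUP = 'q=%3Cscript%3Ealert(1)%3C%2Fscript%3E';
const SAMPLE_BENIGN = 'q=tls+1.3';
console.log(renderSearchVulnerable(SAMPLE_MARKUP)); // markup reaches the page as markup
console.log(renderSearchEncoded(SAMPLE_MARKUP));    // markup reaches the page as text
console.log(handleSearch(SAMPLE_MARKUP).status, handleSearch(SAMPLE_BENIGN).status);
```

The encoder covers HTML text and quoted-attribute contexts only; values placed inside a script block, a URL or a CSS value need the encoding rules of that context.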
An attacker who...