XSS attack is the second most popular issue in the OWASP Top 10 Application Security Risks.
This threat is found in around two-thirds of all applications.
XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping
XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, redirect the user to malicious sites or deface web sites.
Is the Website Vulnerable?
There are three forms of XSS, usually targeting users’ browsers:
- Reflected XSS
- Stored XSS
- DOM XSS
Some common XSS attacks including stealing of sessions, taking over of account, bypassing MFA, replacing DOM node or defacement (such as trojan login panels), logging key and other client-side attacks.