You must have ever heard that a trusted website gets injected with a malicious script attack. Generally people refer this as a “Cross Site Scripting” attack.
“The XSS is an attack in which attacker inject some malicious code (java script or html) into the input field or in address bar of the webpage”
The XSS scripts injected into a website can leak out sensitive data and information including cookies, session tokens, authentication tokens, to do Phishing attacks, Stealing bank accounts information, website defacement. The vulnerability of the XSS attack is very frequent but hard to patch.
How the Attacker execute their code:
Attackers first Test the target website is vulnerable to XSS attack or not by executing some malicious code. They first search for the user input field and address bar (url bar). They put different different code and try to execute it if the code get executed then site is vulnerable otherwise not vulnerable.
Types of xss attack:
There are three types of xss attack
Persistent XSS: where the malicious string originates from the website’s database.
Reflected XSS: where the malicious string originates from the victim’s request.
DOM-based XSS: where the vulnerability is in the client-side code rather than the server-side code.