All about XSS

Cross Site Scripting, aka XSS is an injection vulnerability wherein an attacker can run their own code. This can take forms of: arbitrary javascript, keylogging, defacing the website (say, with hate speech) or stealing credentials.

Why should I care?

It’s a severe vulnerability — — the attacker’s code is running with privileges of the domain it has a foothold in.

Types:

Stored: this is particularly dangerous, because it’s a once deploy, everyone is affected variety. The target is a webserver that returns this malicious…