An overview of cross-site scripting
In simple terms, the cross-site scripting attack allows the attacker to execute malicious JavaScript in another user's browser. The malicious script is delivered to the client via the website that is vulnerable to XSS. On the client, the web browser sees the scripts as a legitimate part of the website and executes it. When it runs in the victim's browser, the script can force the browser to perform actions similar to the ones done by the user could do. The script can also make the browser execute fraudulent transactions, steal cookies, or redirect the browser to another website.
An XSS attack typically involves the following participants:
The attacker who is executing the attack
The vulnerable web application
The victim using a web browser
A third-party website to which the attacker wants to redirect the browser or attack through the victim
Let's look at an example of an attacker executing a XSS attack:
The attacker first tests the various input fields for the...
