XSS (cross-site scripting) is a type of attack in which the attacker injects malicious code at the point where data is entered into an application. Put another way, cross-site scripting is a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. Equivalently, XSS is a vulnerability that occurs when an attacker injects malicious code (usually script) into a web page or into the database behind it. Once that injected code reaches the end user's browser and runs there, it gains easy access to cookies, sessions, local files, and so on. The impact of XSS ranges from a petty nuisance, such as displaying an alert box, to a significant security risk, such as stealing session cookies.
Attackers commonly exploit XSS on an application through the following vectors:
1) XSS
   - Standard XSS
   - DOM-based XSS
2) HTML & CSS
3) Scripts or scripting languages
   - JavaScript
   - VBScript
   - etc.
4) SQL injection
Solution:
1) Escaping.
2) Validating input.
3) Sanitizing.
4) You MUST use the escape syntax for the part of the HTML document you're putting untrusted data into.