What is cross-site scripting (XSS)?
D2 · Threats · CompTIA Security+ SY0-701
XSS (Cross-Site Scripting) injects malicious client-side scripts (usually JavaScript) into web pages that other users view. The script runs in the victim's browser with the trust level of the legitimate site.
Types:
Stored XSS: script is saved on the server (database, comment field) and served to every visitor.
Reflected XSS: script is in the URL, reflected back immediately in the response.
DOM-based XSS: script manipulates the DOM in the browser without going to the server.
XSS steals cookies, hijacks sessions, or redirects users. Prevention: output encoding, Content Security Policy (CSP), input validation. A WAF helps but isn't a complete fix.