Cross-site scripting (XSS) is a vulnerability derived from input validation errors in most part of the web applications. From a bug bounty hunter's approach, it is one of the most juicy bugs to look for in an application. It is the reason why XSS bugs are the most commonly reported bugs in bounty programs.

XSS exists due to a lack of validation controls in all the different inputs in an application. Traditionally, they are found in HTML forms that have interaction with the user; however, it is not the only kind of vulnerable input; it is also possible to find XSS vulnerabilities, because of the interaction between other applications, environmental variables, external data sources, and more.

The relevance of the XSS vulnerabilities is so important; evidence of that is this vulnerability is included in the OWAS TOP 10 as one of the most prevalent in the applications in the last 10 years.

One curious characteristic of this vulnerability, between others, is that it is focused on the client. Most of the vulnerabilities reviewed in this book are focused on the application itself, meaning that the application is exploited from a backend perspective in order to generate the failure.

As we will see, in this chapter XSS attacks need user interaction to be successful.

We will cover the following topics in this chapter:

• Understanding XSS attacks
• Detecting XSS in bug bounty programs
• Top XSS report examples