XSS attacks are carried out by exploiting vulnerabilities in a dynamically created web page. This allows an attacker to inject client-side scripts into a web page being viewed by other users. When an unsuspecting user visits a web page that contains XSS, the user's browser will begin to execute the malicious script in the background while the victim is unaware.
An XSS attack is typically used to redirect a user to a malicious URL, steal or manipulate data, display hidden IFRAMEs, or show pop-up windows in the victim's web browser.
The malicious script may be ActiveX, VBScript, JavaScript, or Flash.
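The injection described above, shown as an added example that is not from the original text: a dynamically created page fragment built from user input, first by plain concatenation and then with output encoding. The function names, the sample input, and the policy value are constructed for illustration.

```javascript
// Added example: a page fragment that embeds a user-supplied author and comment.
// escapeHtml, renderUnsafe, renderSafe and the sample values are constructed.

// Encode the characters that let text break out of HTML element content or a
// quoted attribute. '&' is replaced first so the entities added by the later
// replacements are not encoded a second time.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Vulnerable: user input is concatenated into the markup unchanged, so the
// browser parses any tags or attributes it contains as part of the page.
function renderUnsafe(author, comment) {
  return `<div class="comment" title="${author}"><p>${comment}</p></div>`;
}

// Hardened: every user-controlled value is encoded at the point of output,
// so the browser displays it as text instead of parsing it as markup.
function renderSafe(author, comment) {
  return `<div class="comment" title="${escapeHtml(author)}"><p>${escapeHtml(comment)}</p></div>`;
}

// Defence in depth: a Content-Security-Policy response header. Without
// 'unsafe-inline', inline scripts and inline event handlers are blocked, and
// object-src 'none' blocks plugin content such as Flash or ActiveX.
const CSP_HEADER = [
  "Content-Security-Policy",
  "default-src 'self'; script-src 'self'; object-src 'none'",
];

// Constructed sample input covering element content and attribute context.
const sampleAuthor = 'guest" onmouseover="alert(1)';
const sampleComment = "<script>alert(1)</script>";

console.log("unsafe:", renderUnsafe(sampleAuthor, sampleComment));
console.log("safe:  ", renderSafe(sampleAuthor, sampleComment));
console.log("header:", CSP_HEADER.join(": "));
```

Encoding at output time is the primary control here; the header only limits what an injected script could do if an encoding step is missed somewhere.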
There are two types of XSS attacks:
- Stored XSS
- Reflected XSS
In the following section, we will discuss both in detail.