As mentioned in the previous chapter, XSS allows an attacker to inject client-side scripts into web pages viewed by other users. Therefore, when an unsuspecting user visits a web page that contains the malicious scripts, the victim's browser will automatically execute these malicious scripts in the background.
In this section, we will cover how to discover various XSS vulnerabilities by looking at the following topics:
- Understanding XSS
- Discovering reflected XSS
- Discovering stored XSS
- Exploiting XSS – hooking vulnerable page visitors to BeEF
In the following section, we will learn what XSS is.