XSS: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS) SQL injection: https://www.owasp.org/index.php/SQL_Injection