Cross-Site Scripting (XSS) is a vulnerability that allows an attacker to inject malicious scripts into web pages viewed by other users. When a victim's browser executes the injected script, the attacker can steal session tokens, redirect users, deface websites, or perform actions on behalf of the victim.
XSS exploits the trust a user's browser places in the content received from a website. If a web application includes user-supplied data in its output without proper encoding, an attacker can inject JavaScript that the browser executes as if it were legitimate application code.
User Input (Malicious Script)
│
▼
Web Application (includes input in HTML without encoding)
│
▼
Victim's Browser (executes the script as trusted code)
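The flow above, shown as an added example that is not part of the original lesson: the same user input rendered once without encoding and once with HTML output encoding. The function names and sample inputs are hypothetical and constructed for illustration.

```javascript
// Added example: output encoding for HTML body and quoted-attribute contexts.
// escapeHtml, renderGreetingUnsafe and renderGreetingSafe are hypothetical names.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode the five characters that can change HTML structure.
// A single-pass replace avoids double-encoding the "&" of an entity
// that an earlier replacement just produced.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: user input is concatenated into markup unchanged,
// so the browser parses any tags it contains as part of the page.
function renderGreetingUnsafe(name) {
  return `<p class="greeting">Hello, ${name}!</p>`;
}

// Hardened: input is encoded for the HTML context before output,
// so the browser displays it as text instead of parsing it.
function renderGreetingSafe(name) {
  return `<p class="greeting">Hello, ${escapeHtml(name)}!</p>`;
}

// Constructed sample inputs: one ordinary name, one carrying markup.
const samples = ["Alice & Bob", "<script>alert(1)</script>"];

for (const input of samples) {
  console.log("unsafe:", renderGreetingUnsafe(input));
  console.log("safe:  ", renderGreetingSafe(input));
}
```

This encoding is correct only for HTML body text and quoted attribute values; data placed inside a script block, a URL, or a CSS value needs the encoding for that context instead.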