Cross-site Scripting
Cross-site scripting (XSS) is a type of web vulnerabilities that allow an attacker to inject scripts into a web page viewed by others. Once an attacker injects a script, they can steal private user information or perform computation on behalf of the victim website. Here, we give a very brief overview of XSS. If you want to know more details, please take 340/440/640: Web Security.
Generally speaking, XSS can be categories as two types:
-
Server-side XSS. Server-side XSS has two sub-categories: reflected and stored (not covered in this lecture). We call it server-side XSS because the vulnerability locates at the server-side code.
-
Client-side XSS. Client-side XSS is sometimes also called DOM-based XSS, because the vulnerable code is incorrect use of client-side DOM APIs.