Web Security beginner 50 mins

Cross-Site Scripting (XSS)

Learn XSS through interactive browser security exercises.

Hands-on Labs
Real-world Scenarios
Immediate Feedback
1

Introduction to Cross-Site Scripting

theory

Learn the basics of XSS vulnerabilities and how they occur in web applications.

What is Cross-Site Scripting (XSS)?

Cross-Site Scripting (XSS) is a security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. When executed, these scripts can steal sensitive information, manipulate page content, or perform actions on behalf of the victim.

Types of XSS Attacks

  • Reflected XSS: Malicious script is reflected off a web server, such as in an error message.
  • Stored XSS: Malicious script is stored on the target server, such as in a database.
  • DOM-based XSS: The vulnerability exists in client-side code rather than server-side code.

Common XSS Payloads

<script>alert('XSS')</script>
<img src=x onerror=alert('XSS')>
<svg onload=alert('XSS')>

Impact of XSS

  • Session hijacking and cookie theft
  • Defacement of web pages
  • Redirecting users to malicious sites
  • Keylogging and credential theft

Knowledge Check

Which type of XSS vulnerability stores malicious scripts on the server?