Cross-Site Scripting (XSS) is a web application vulnerability that allows attackers to inject malicious scripts into web applications, which are then executed by the browser due to improper input validation. There are three types of XSS attacks: Reflected XSS, Stored XSS, and DOM-Based XSS, each with different methods of execution and impact. Preventive measures include input validation, content security policies, and using safer methods for data handling to mitigate the risks associated with XSS vulnerabilities.

What is Cross-Site Scripting?

Cross-Site Scripting, or XSS, is a client-side web application vulnerability that
allows an attacker to inject a malicious script or payload into an input field
of a web application. The application reflects that script in its response, where
it can show an alert pop-up or expose session cookies, tokens, etc.

How does XSS work?


Whenever an attacker injects a malicious JavaScript payload into a web application,
the browser executes the script as if it came from a trusted source. Improper input
validation is the main cause of XSS vulnerabilities.

Types of XSS Attack

Security researchers currently find three types of XSS in web applications around
the globe.

Reflected XSS
Stored XSS
DOM-Based XSS

Reflected XSS:

Reflected XSS arises when an attacker injects a malicious script into the web
application and the server immediately reflects it back in the response to that
request without validating or sanitizing the user input.
The attack is reflected off the web server, such as in a search result or error
message.
It's a client-side attack that is carried out through a single request/response
cycle; hence it is also referred to as non-persistent XSS.
Example payload: <script>alert(1)</script>

Scenario: A social media website allows users to share links. An attacker
creates a malicious link that includes JavaScript code:
Instagram.com/share?url=<script>alert('1')</script>
Impact: When the user clicks on the link, the website displays the link in the
user's feed, and the browser executes the injected script and displays an alert box.
How to Prevent Reflected XSS:

Ensure every request is properly validated or sanitized.
Implement CSP headers to restrict unauthorized script execution.
Use encoding for sensitive output data like session cookies or tokens.
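
As an added example (not part of the original document), the share-link scenario above rendered first without and then with validation and output encoding. The function names and the sample inputs are constructed for illustration, and the hardened version assumes only absolute http(s) links should be accepted.

```javascript
// Added example: the "share a link" scenario, vulnerable vs. hardened.
// Function names and sample inputs are constructed for illustration.

// Encode the five characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[ch]));
}

// Vulnerable: the url parameter is copied into the response unchanged,
// so any markup in it becomes part of the page.
function renderShareVulnerable(url) {
  return `<p>Shared link: <a href="${url}">${url}</a></p>`;
}

// Validation: accept only absolute http(s) URLs; return null otherwise.
function validateSharedUrl(raw) {
  let parsed;
  try {
    parsed = new URL(raw);
  } catch {
    return null; // not an absolute URL at all
  }
  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") return null;
  return parsed.href; // normalized form of the link
}

// Hardened: validate first, then encode at the point of output.
function renderShareHardened(url) {
  const safe = validateSharedUrl(url);
  if (safe === null) return "<p>Invalid link.</p>";
  const encoded = escapeHtml(safe);
  return `<p>Shared link: <a href="${encoded}" rel="noopener noreferrer">${encoded}</a></p>`;
}

// Constructed inputs: the payload from the scenario and an ordinary link.
const payload = "<script>alert('1')</script>";
console.log(renderShareVulnerable(payload)); // script tag reaches the page intact
console.log(renderShareHardened(payload));   // rejected by validation
console.log(renderShareHardened("https://example.com/?a=1&b=2"));
```

Validation and encoding do different jobs here: the allowlist rejects values that are not links at all, and the encoding keeps an accepted link from being parsed as markup.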

Stored XSS:

Stored XSS is a high-severity XSS vulnerability due to its impact. In this attack,
the attacker injects a malicious script into the web application, and that script
is stored permanently on the server. Whenever users of the website load the
affected page, the XSS is triggered and the stored data is displayed to each and
every user.
It is classed as persistent XSS because, once the payload is stored on the server,
it triggers the 'alert' for everyone who tries to access the affected webpage.
This attack has a wider reach because it can be triggered for everyone, even if
they don't have any kind of interaction with the attacker.
Scenario: A website allows users to post feedback. An attacker injects malicious
JavaScript into a comment:
<script>document.cookie = document.cookie;</script>
Impact: Once this script is stored on the server, it is displayed to all users who
view the post. Their browsers will execute the script, potentially stealing their
session cookies.
Preventions:

Proper input sanitization and validation are required before storing any data in
the server database.
Implement a Content Security Policy to restrict the sources from which the page
can load scripts.

DOM-Based XSS:

DOM-based XSS occurs when an attacker is able to manipulate the DOM of a web page
in a way that allows them to execute malicious scripts. Unlike traditional XSS,
which often relies on server-side vulnerabilities, DOM-based XSS is entirely
client-side. This means that the attack is executed in the user's browser, making
it particularly challenging to detect and mitigate.

Why DOM-Based XSS is More Dangerous:

It is connected directly to the user's/victim's browser.
It affects the users who click on the malicious link.
The malicious link can include automated tasks like stealing data and making the
website do things it shouldn't do.

Preventions:

Check and clean the user input before processing any request on it.
Use a CSP policy to restrict or block dangerous scripts.
Avoid inserting raw data with methods like innerHTML; use safer methods like
textContent, which treat the data as text so that scripts are not executed.
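
The Content Security Policy advice recurs in each of the prevention lists above. As an added example (not part of the original document), this Node.js sketch sends a per-response nonce policy for the feedback page from the Stored XSS scenario and encodes the stored comments at output. The function names, the sample comments, the /static/feedback.js path and the chosen directives are assumptions.

```javascript
// Added example: encode stored comments at output and send a nonce-based CSP.
// Names, sample comments, script path and directives are assumptions.
const crypto = require("node:crypto");

// Encode the characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[ch]));
}

// A fresh, unpredictable nonce for every response (16 random bytes, base64).
function newNonce() {
  return crypto.randomBytes(16).toString("base64");
}

// Only scripts carrying this response's nonce may run; inline scripts without
// it, including any that slipped into stored data, are blocked by the browser.
function buildCsp(nonce) {
  return [
    "default-src 'self'",
    `script-src 'nonce-${nonce}'`,
    "object-src 'none'",
    "base-uri 'none'",
  ].join("; ");
}

// Render the feedback page: comments are encoded, the page's own script is nonced.
function renderFeedbackPage(comments, nonce = newNonce()) {
  const items = comments.map((c) => `<li>${escapeHtml(c)}</li>`).join("");
  return {
    headers: {
      "Content-Type": "text/html; charset=utf-8",
      "Content-Security-Policy": buildCsp(nonce),
    },
    body: `<!doctype html><ul id="feedback">${items}</ul>` +
          `<script nonce="${nonce}" src="/static/feedback.js"></script>`,
  };
}

// Constructed stored data: an ordinary comment and the comment from the scenario.
const storedComments = [
  "Great article!",
  "<script>document.cookie = document.cookie;</script>",
];
const page = renderFeedbackPage(storedComments);
console.log(page.headers["Content-Security-Policy"]);
console.log(page.body);
```

The policy is a second layer: output encoding keeps the stored comment inert, and the nonce requirement stops an injected script from running if encoding is ever missed on some page.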