Qais Hussainy

XSS is client side code injection attack. the attacker aims a web page or a application and tries to execute that malicious script from that browser of the user. Mostly the websites which has comment section or forums and accepts inputs, are victim of this attack. whenever a malicious script that are mostly written in Javascript, injected in a website or web app it will effect all those users which are visiting that website. for example if someone injects a malicious script into facebook’s comment section and we open that photo to read the comments, that code executes and we get affected either. XSS is not user’s Problem but that vulnerable web App or website’s. one of the malicious actions which an attacker can do with javascript is Cookie Theft by stealing a cookie an attacker may gain access to session tokens which a cookie usually stores then it could be impersonated the user. for example: suppose you’re using netflix by providing your email and password which a...