What is cross-site scripting (XXS)?

Cross-site scripting (XSS) is a type of injection attack, in which malicious code is added to a benign or trusted site. XSS attacks are usually injected through website forms or URL parameters.

XSS attacks can be categories into three different types:

  1. Stored XSS (also known as Persisted or Type I)
  2. Reflected XSS (also known as Non-persisted or Type II)
  3. DOM based XSS (also known as Type 0)

(Attacks can overlap and consist of both stored and reflected XSS).



The best defense against Server XSS is context-sensitive server side output encoding.