What is cross-site scripting (XXS)?
Cross-site scripting (XSS) is a type of injection attack, in which malicious code is added to a benign or trusted site. XSS attacks are usually injected through website forms or URL parameters.
XSS attacks can be categories into three different types:
- Stored XSS (also known as Persisted or Type I)
- Reflected XSS (also known as Non-persisted or Type II)
- DOM based XSS (also known as Type 0)
(Attacks can overlap and consist of both stored and reflected XSS).
The best defense against Server XSS is context-sensitive server side output encoding.