{"id":46997,"date":"2017-03-22T17:25:58","date_gmt":"2017-03-22T11:55:58","guid":{"rendered":"http:\/\/www.tothenew.com\/blog\/?p=46997"},"modified":"2017-03-22T17:33:20","modified_gmt":"2017-03-22T12:03:20","slug":"xss-cross-site-scripting-blog-series-i-blog-1-overview-vulnerabilities-and-types-of-attacks","status":"publish","type":"post","link":"https:\/\/www.tothenew.com\/blog\/xss-cross-site-scripting-blog-series-i-blog-1-overview-vulnerabilities-and-types-of-attacks\/","title":{"rendered":"XSS (Cross Site Scripting) Blog Series I Blog 1: Overview, Vulnerabilities and Types of Attacks"},"content":{"rendered":"<p>Have you witnessed a scenario where a trusted site gets injected with a malicious script? Commonly, people refer to this as a &#8220;Cross Site Scripting&#8221; (XSS) attack. Scripts injected into a site can leak sensitive data, including cookies, session tokens, and auth tokens. XSS vulnerabilities are very common but hard to patch.<\/p>\n<p><strong>How does XSS work?<\/strong><\/p>\n<p>On a web page, we generally interact with input boxes, but there are also text areas and other document objects that take input from users, and these are easily vulnerable.<\/p>\n<p>An XSS attack can execute a malicious script anywhere in the web app. 
Here&#8217;s a quick example:<\/p>\n<p>1. <b>An input value:<\/b><\/p>\n<p>[code]&lt;input type=&quot;&lt;script&gt; window.alert('Malicious Script injected!!!!') &lt;\/script&gt;&quot;&gt;[\/code]<\/p>\n<p>2. <b>An attribute of an HTML tag:<\/b><\/p>\n<p>[code]&lt;iframe src=&quot;&lt;script&gt; window.alert('Malicious Script injected!!!!') &lt;\/script&gt;&quot;&gt; &lt;\/iframe&gt;[\/code]<\/p>\n<p>3. <b>An event binding on an HTML tag:<\/b><\/p>\n<p>[code]&lt;div onmouseover=&quot;&lt;script&gt; window.alert('Malicious Script injected!!!!') &lt;\/script&gt;&quot;&gt; &lt;\/div&gt;[\/code]<\/p>\n<p><strong>There are three major types of XSS attacks:<\/strong><\/p>\n<p><strong>&#8211; Non-persistent (reflected) XSS:<\/strong> Such an attack is common where input is accepted without any validation: a script is sent in a request parameter and is then reflected back in the response page.<\/p>\n<p><strong>&#8211; Persistent (stored) XSS:<\/strong> In such an attack a script is sent as data and stored in the database. The script is executed whenever a user views the page that displays the stored data.<\/p>\n<p><strong>&#8211; DOM-based (Type-0) XSS:<\/strong> DOM-based XSS executes only on the client side and not on the server side. 
This is the most advanced and least-known type of XSS.<\/p>\n<h2 style=\"text-align: center\"><span style=\"color: #333399\">XSS Attack Model<\/span><\/h2>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-47049 aligncenter\" src=\"\/blog\/wp-ttn-blog\/uploads\/2017\/03\/how-xss-works-910x404.png\" alt=\"how-xss-works-910x404\" width=\"910\" height=\"404\" srcset=\"\/blog\/wp-ttn-blog\/uploads\/2017\/03\/how-xss-works-910x404.png 910w, \/blog\/wp-ttn-blog\/uploads\/2017\/03\/how-xss-works-910x404-300x133.png 300w, \/blog\/wp-ttn-blog\/uploads\/2017\/03\/how-xss-works-910x404-624x277.png 624w\" sizes=\"(max-width: 910px) 100vw, 910px\" \/><\/p>\n<p>This blog is the first in a series; it aims to give you an overview of XSS attacks so that you can keep your application secure from them. Our second blog will continue from this one and detail a full list of XSS preventions. Watch our blog page for more updates.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Have you witnessed a scenario where a trusted site gets injected with a malicious script? Commonly, people refer to this as a &#8220;Cross Site Scripting&#8221; (XSS) attack. Scripts injected into a site can leak sensitive data, including cookies, session tokens, and auth tokens. 
The vulnerability of the XSS attack is [&hellip;]<\/p>\n","protected":false},"author":904,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":10},"categories":[2026,3917,1994,1],"tags":[4513,227,4511,4512],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/46997"}],"collection":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/users\/904"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/comments?post=46997"}],"version-history":[{"count":0,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/46997\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/media?parent=46997"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/categories?post=46997"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/tags?post=46997"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}