What Is Cross-Site Scripting?
Cross-Site Scripting (XSS) is a code-injection vulnerability that occurs in applications that process HTML when developers do not sanitize user input well enough before inserting it into an HTML template. It allows an attacker to insert arbitrary JavaScript code into a template and execute it in the user’s context:
In the image above, the developer failed to sanitize the content of the “last-name” div, which resulted in users being able to include malicious scripts by manipulating their last name.
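The same flaw as a runnable sketch, given here as an added example rather than code from the original article: a server-side render function that concatenates the last name into the "last-name" div unescaped, next to a version that HTML-encodes it first. The function names, the `first-name` field and the sample input are assumptions made for illustration.

```javascript
// Added example (Node.js). Template, function names and sample input
// are constructed for illustration; they are not from the article.

// Vulnerable: user input is concatenated into the HTML template as-is,
// so any markup in lastName becomes part of the page.
function renderProfileUnsafe(user) {
  return '<div id="first-name">' + user.firstName + '</div>' +
         '<div id="last-name">' + user.lastName + '</div>';
}

// Encode the characters that are significant in HTML text and in
// quoted attribute values, so the browser treats input as data.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened: every user-controlled field is encoded at the point of output.
function renderProfileSafe(user) {
  return '<div id="first-name">' + escapeHtml(user.firstName) + '</div>' +
         '<div id="last-name">' + escapeHtml(user.lastName) + '</div>';
}

// Constructed sample: a last name that carries a script element.
const sampleUser = {
  firstName: 'Alice',
  lastName: 'Smith<script>alert(1)</script>',
};

console.log('unsafe:', renderProfileUnsafe(sampleUser));
console.log('safe:  ', renderProfileSafe(sampleUser));
```

This encoding fits HTML element content and quoted attribute values; values placed inside script blocks, URLs or CSS need the encoding for that context instead.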
This article has been indexed from DZone Security Zone