Cross-Site Scripting (XSS) is also referred to as a client-side code injection attack. In this, the attacker intends to execute malicious scripts on the victim’s web browser by including malicious code in a legitimate page or web application. The actual attack occurs when the victim visits the page and executes malicious code, and this web application actually becomes a vehicle to deliver the malicious script to the user’s browser. Forums, web pages, and message boards that allow comments support cross-site scripting attacks.
To fix these attacks, apply context-dependent output encoding.
