Cross-site Scripting: In the cross-site scripting attack, the attacker runs the malicious scripts on a web page and can steal the user’s sensitive data. By taking advantage of XSS vulnerability, the attacker can also inject trojan, read out user information, and perform specific actions such as the website’s defacement.
- Ways to avoid XSS vulnerability:
- Encoding the output
- Applying filters at the point where input is received
- Using appropriate response headers
- Enabling content security policy
- Escaping untrusted characters
