What is Cross-Site Scripting XSS ? - how to understand XSS - the best of 2020

"Hey guys, Lmacomstore for programming and security community is here! "
Cross-site scripting or XSS is a type of injection attack in which an attacker exploits vulnerabilities in a website in order to attack visitors to the site there are three main types of cross-site scripting attacks reflected Dom base and stored attacks in a reflected cross-site scripting attack malicious code is sent as an input to a server  then reflects the code back to a user's browser and then displays it somewhere on the page this can happen when a user clicks a malicious link or opens an infected email this is a common trick in phishing attacks where an attacker tricks a victim into clicking on a link that is a trusted domain but can invite injected script since the link as parameters, for example, a user named Alice might decide to open an official-looking email from our attacker Mallory Mallory embedded a link to a shopping site in an email with a malicious script embedded as a parameter in the URL once Alice clicks the link the script is sent to the server as the parameter and reflected back to the user on the web page when the page loads for Alice it redirects her to a link that automatically buys overpriced ebooks from a retailer in another country if she is currently logged on to shopping WorldCom after buying a lot of books at JSX Acutes it redirects her to the normal shopping WorldCom web site this is sent so quickly that Alice doesn't realize that she executed the script a variant of a reflected attack is a Dom based attack in this scenario the malicious code is injected into the Dom on a website typically through an element like a text input box or a parameter in the URL this is different than a reflected attack as the Dom attack doesn't modify the server response but rather just modifies the client-side code both the reflected and dom-based XSS attacks rely on a victim clicking link that contains the injected script this is not true for our third type of attack in a stored XSS attack a hacker injects malicious code on a website through a data input like a commenter posts that are stored on a website servers when the data is requested by another user the injected code will execute in that user's browser, for example, our hacker Mallory might go to a popular forum site and post a comment for the top post on the site with malicious code embedded in the message the site doesn't sanitize Mallory's reply or strip out suspicious content before storing it in its database when Alice visits the site she clicks on the post the top posts along with all the users submitted comments is then returned and displayed in Alice's bra sir when the data is loaded onto Alice's browser the malicious code in Mallory's reply is executed without Alice's knowledge and redirects her to another site when she Mouse's over the comment while browsing the page most modern browsers support basic cross-side scripting protection under their advanced settings .