Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in the victim's web browser by including malicious code in a legitimate web page or web application. When a user visits the infected page or follows a specially crafted link, the browser executes the malicious JavaScript.
Famous attacks:
- Samy worm (2005)
- Yahoo attack (2013)
- TweetDeck attack (2014)
What can we do with XSS:
- Hijack the user’s session
- Perform unauthorized activities
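The injection described in the opening paragraph and the session-hijacking risk listed above, shown from the defensive side as an added example (not code from the original page): a page fragment built by string concatenation beside its output-encoded form, plus cookie attributes that keep a session ID out of reach of injected script. All function names and the sample input are constructed for illustration.

```javascript
// Added example: names and sample values are assumptions, not from the page.

// Characters that can break out of HTML text or a quoted attribute value.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: user input is concatenated into markup, so the browser parses it as HTML.
function renderGreetingUnsafe(name) {
  return `<p>Hello, ${name}!</p>`;
}

// Hardened: input is encoded for the HTML text context before insertion.
function renderGreetingSafe(name) {
  return `<p>Hello, ${escapeHtml(name)}!</p>`;
}

// Session cookie attributes that limit what an injected script can reach:
// HttpOnly hides the cookie from document.cookie, Secure restricts it to HTTPS,
// SameSite=Lax keeps it off most cross-site requests.
function sessionCookieHeader(sessionId) {
  return `session=${encodeURIComponent(sessionId)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Review/test helper: does the rendered output contain a live script element?
function containsScriptElement(html) {
  return /<script[\s>]/i.test(html);
}

// Constructed sample input: the usual harmless proof-of-concept string.
const sampleInput = '<script>alert(1)</script>';

console.log(renderGreetingUnsafe(sampleInput)); // script element reaches the page
console.log(renderGreetingSafe(sampleInput));   // rendered as inert text
console.log(sessionCookieHeader('abc123'));
```

`escapeHtml` covers HTML text and quoted attribute values only; input placed inside a script block, a URL, or CSS needs encoding specific to that context.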