Cross-Site Scripting (XSS) is a type of vulnerability in interactive web information systems. XSS occurs when user-supplied scripts end up in pages generated by the server. What distinguishes these attacks is that, instead of attacking the server directly, the attackers make use of a vulnerable server to carry out the attack.
At the moment, XSS makes up about 15% of all detected vulnerabilities. For a long time programmers did not pay attention to them, considering them not dangerous. However, this opinion is false: the data located in the pages or in HTTP cookies can be very vulnerable.
By the mechanism of execution, XSS attacks can be divided into active and passive. Passive XSS means that the script is not stored on the server of the vulnerable website, or that it cannot be executed automatically in the victim's browser. In active XSS, the malicious script is stored on the server and fires in the victim's browser when any page of the infected website is opened.
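
The two mechanisms above, as an added example that is not from the original page: a constructed server-side page renderer in JavaScript, with hypothetical function names and sample data. It shows the same harmless marker script reaching generated HTML by the passive path (echoed from the request) and the active path (read back from storage), next to versions that HTML-encode the value on output.

```javascript
// Added example: constructed data, hypothetical function names.

// HTML-encode the five characters that can change the parsing context
// in element content and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[ch]));
}

// Passive XSS: the value arrives with the request and is echoed once.
function renderSearchVulnerable(query) {
  return `<p>Results for: ${query}</p>`;
}
function renderSearchSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Active XSS: the value was saved earlier and is served to every visitor.
function renderCommentsVulnerable(comments) {
  return `<ul>${comments.map((c) => `<li>${c}</li>`).join("")}</ul>`;
}
function renderCommentsSafe(comments) {
  return `<ul>${comments.map((c) => `<li>${escapeHtml(c)}</li>`).join("")}</ul>`;
}

// Constructed sample input: a harmless marker script.
const SAMPLE = "<script>alert(1)</script>";
// Stands in for rows previously saved in a database.
const storedComments = ["Nice article", SAMPLE];

// True when the generated page contains a live <script> element.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

function demo() {
  return {
    passiveVulnerable: containsScriptTag(renderSearchVulnerable(SAMPLE)),
    passiveSafe: containsScriptTag(renderSearchSafe(SAMPLE)),
    activeVulnerable: containsScriptTag(renderCommentsVulnerable(storedComments)),
    activeSafe: containsScriptTag(renderCommentsSafe(storedComments)),
  };
}

console.log(demo());
```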