Cross Site Scripting Attack (XSS)

First Of All let me tell you what is cross site scripting attack.

What is cross site scripting:

Cross site Scripting refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS is amongst the most rampant of web application vulnerabilities and occurs when a web application makes use of unvalidated or unencoded user input within the output it generates.

By leveraging XSS, attacker does not target a victim directly. Instead, attacker would exploit a vulnerability within a website or web application that the victim would visit, essentially using the vulnerable website as a vehicle to deliver a malicious script to the victim’s browser.

Now lets see How to Protect Yourself :

it's crucial that you turn off HTTP TRACE support on all webservers. An attacker can steal cookie data via Javascript even when document.cookie is disabled or not supported on the client. This attack is mounted when a user posts a malicious script to a forum so when another user clicks the link, an asynchronous HTTP Trace call is triggered which collects the user's cookie information from the server, and then sends it over to another malicious server that collects the cookie information so the attacker can mount a session hijack attack. This is easily mitigated by removing support for HTTP TRACE on all webservers.

Different Types of Cross-Site Scripting Vulnerability:
~Stored Cross-site Scripting Vulnerability
~Reflected Cross-site Scripting (XSS) Vulnerability
~DOM Based Cross-Site Scripting Vulnerability

Note:

All images are under CC
credits : https://www.acunetix.com
If you are intersted to know more about css , you are suggested to visit: wikipedia.org