Cross site scripting is done by using the known vulnerabilities like web based applications, their servers or plug-ins users rely upon. Exploiting one of these by INSERTING malicious coding into a link which appears to be a trustworthy source. When users CLICK on this link the malicious code will run as a part of the CLIENT’s web request and execute on the user’s computer, allowing attacker to steal information.

There are THREE types of Cross-site scripting

1. Non-persistent
2. Persistent
3. Server side VERSUS DOM based vulnerabilities

Cross site scripting is done by using the known vulnerabilities like web based applications, their servers or plug-ins users rely upon. Exploiting one of these by inserting malicious coding into a link which appears to be a trustworthy source. When users click on this link the malicious code will run as a part of the client’s web request and execute on the user’s computer, allowing attacker to steal information.

There are three types of Cross-site scripting