Cross-Site Scripting (XSS) is a vulnerability that allows malicious JavaScript code to be injected into trusted web pages, thereby enabling the execution of malicious code in the browsers of users who visit the site.

XSS vulnerabilities arise when unreliable input is not handled properly, but is returned to the browser as it is, causing the browser to interpret it as code on the client side. Such input could be, for example, an open comment on a discussion forum.

The image below shows an example of what a successful XSS attack might look like. The attacker finds an XSS vulnerability on the website, saves malicious JavaScript code on the website, and when the user(s) visit the infected website, the code gets executed, allowing the attacker to steal the desired information.

Here is a PHP script that is vulnerable to XSS attacks.

It is vulnerable because it creates HTML code unsafely. The URL parameter 

 is not encoded correctly. An attacker can create a link like the following, which executes the attacker's JavaScript code on the website when the target opens it:

Opening the link leads to the execution of the following HTML code in the user's browser:

XSS vulnerabilities are often classified into categories based on the following:

Can a vulnerability be exploited in such a way that the malicious JavaScript code "remains" on the page, for example in a message on a discussion forum? This would be persistent, "

Does the harmful code only reflect once when the target of the attack opens a maliciously formatted link? This is called "

Or regardless of these two, whether the vulnerability is solely in JavaScript code that, for example, dangerously handles browser URL anchors. These are usually referred to as DOM-based XSS vulnerabilities.

Different situations where XSS vulnerabilities occur

The vulnerability typically arises from one of the following reasons:

The application generates HTML unsafely (parameterization without proper encoding).

 The application allows users to directly edit the website's HTML code (e.g., WYSIWYG editors).

The application allows users to send HTML/SVG files and serves them back dangerously.

 The application uses outdated and vulnerable JavaScript libraries.

The application uses JavaScript unsafely by passing untrusted data into functions that execute code directly from a string (such as eval).

The application allows users to set the HREF attributes of links without validating them against malicious URL addresses such as those starting with javascript:-.

Finally, here is a practical example. Start the task and try entering HTML or JavaScript code into the textbox.

A few example inputs that can be used to identify vulnerabilities.

XSS example

Cross-Site Scripting (XSS) is a vulnerability that allows malicious JavaScript code to be injected into trusted web pages, thereby enabling the execution of malicious code in the browsers of users who visit the site.

XSS vulnerabilities arise when unreliable input is not handled properly, but is returned to the browser as it is, causing the browser to interpret it as code on the client side. Such input could be, for example, an open comment on a discussion forum.

*The image below shows an example of what a successful XSS attack might look like. The attacker finds an XSS vulnerability on the website, saves malicious JavaScript code on the website, and when the user(s) visit the infected website, the code gets executed, allowing the attacker to steal the desired information.*

![](sanity:image-fd4e3e4c5eeed3a0c6ac3f94d3b7c47f3eae151c-951x521-png)

## 

---

## Example of a Vulnerable Solution

Here is a PHP script that is vulnerable to XSS attacks.

```php
echo &quot;<p> Search results for search: &quot; . $_GET(&#39;search&#39;) .&quot;</p> &quot;
```

It is vulnerable because it creates HTML code unsafely. The URL parameter **search** is not encoded correctly. An attacker can create a link like the following, which executes the attacker's JavaScript code on the website when the target opens it:

```html
https://www.example.com/?search= <script>alert('XSS')</script>
```

Opening the link leads to the execution of the following HTML code in the user's browser:

```html
<p>Search results for:<script>
    alert('XSS')
  </script></p>
```

---

## XSS Vulnerabilities Categories

XSS vulnerabilities are often classified into categories based on the following:

- Can a vulnerability be exploited in such a way that the malicious JavaScript code "remains" on the page, for example in a message on a discussion forum? This would be persistent, "**stored**" or "persistent" XSS.
- Does the harmful code only reflect once when the target of the attack opens a maliciously formatted link? This is called "**reflected**" XSS.
- Or regardless of these two, whether the vulnerability is solely in JavaScript code that, for example, dangerously handles browser URL anchors. These are usually referred to as DOM-based XSS vulnerabilities.

---

## 

---

## Different situations where XSS vulnerabilities occur

The vulnerability typically arises from one of the following reasons:

- **Inadequate encoding:**The application generates HTML unsafely (parameterization without proper encoding).
- **WYSIWYG editors:** The application allows users to directly edit the website's HTML code (e.g., WYSIWYG editors).
- **File uploads: **The application allows users to send HTML/SVG files and serves them back dangerously.
- **Vulnerable components:** The application uses outdated and vulnerable JavaScript libraries.
- **eval() and its counterparts: **The application uses JavaScript unsafely by passing untrusted data into functions that execute code directly from a string (such as eval).
- **Links: **The application allows users to set the HREF attributes of links without validating them against malicious URL addresses such as those starting with javascript:-.

@exercise a39ac4838823


What are Cross-Site Scripting Vulnerabilities?

Learn how to find and exploit a vulnerability that is one of the most common vulnerabilities, easy to find, and yet very dangerous. Hackerone ranked XSS the #1 bug bounty vulnerability of 2021.

XSS (Cross-Site Scripting) vulnerabilities are both common and serious. For example, HackerOne has listed XSS as the number one vulnerability on their top 10 vulnerabilities list.

Vulnerability management is therefore extremely important, whether you are a penetration tester, a security consultant, a developer, or a bounty hunter!

What are Cross-Site Scripting Vulnerabilities?

Learn to hack — start here