Wikipedia defines XSS as:
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side script into web pages viewed by other users.
There are three main types of XSS:
Stored XSS happens when user input is stored on the target server, and the victim is able to retrieve the stored data in an unsafe way. This can affect any user that has access to the stored data.
Reflected XSS happens when user input is returned immediately to the user and the input is not validated or made safe to render by the browser.
DOM Based XSS
DOM based XSS happens when XSS becomes possible based on DOM-based manipulation. Think of it as a dormant payload, which becomes active only when the DOM manipulates it in certain ways.
Common XSS Attacks
Cross-site scripting is one of the most common attacks in today’s web applications. Cross-site scripting could be used in several attacks. For example