Cross-Site Scripting (XSS) vulnerabilities are reportedly the most common exploitable vulnerabilities found in websites. It is estimated that they are present in up to 80 percent of all applications.
XSS vulnerabilities occur when an application, usually web-based, violates the concept of trust known as the same-origin policy and displays content that has been provided by a user that has not been sanitized to remove malicious statements.
There are at least two primary types of XSS vulnerabilities: non-persistent and persistent.
The most common type is non-persistent or reflected vulnerabilities. These occur when the data provided by the client is used immediately by the server to display a response. An attack ...