XSS: The basics

What is XSS

Types of XSS

  • Reflected XSS is when the attacker’s script arrives in an HTTP request, for example in the following URL: http://website.com/example?comment=<script> * hacker’s script here * </script>
  • Stored XSS is when the script, as the name implies, is stored in the application’s database, for example in a comment or username
  • DOM-based XSS is when the script comes in through client-side JavaScript, for example in a function that changes the HTML of the page
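
The reflected and stored cases above share one root cause: untrusted text is written into HTML without encoding. The following added example (not code from the original post) shows a vulnerable render of the `comment` parameter beside an encoded one; the function names, the `rows` shape and the sample values are assumptions made for illustration.

```javascript
// Added illustration; all function names here are hypothetical.

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Read the "comment" query parameter from a request URL.
function getComment(requestUrl) {
  return new URL(requestUrl).searchParams.get('comment') || '';
}

// Reflected XSS (vulnerable): the parameter is echoed into the page as markup.
function renderCommentUnsafe(requestUrl) {
  return `<p>Comment: ${getComment(requestUrl)}</p>`;
}

// Hardened: the same value is encoded, so the browser displays it as text.
function renderCommentSafe(requestUrl) {
  return `<p>Comment: ${escapeHtml(getComment(requestUrl))}</p>`;
}

// Stored XSS defence: encode every database field at output time,
// whatever was accepted when the row was written.
function renderStoredComments(rows) {
  return rows
    .map((row) => `<li>${escapeHtml(row.author)}: ${escapeHtml(row.body)}</li>`)
    .join('\n');
}

// Constructed sample input using the URL shape from the list above.
const sampleUrl =
  'http://website.com/example?comment=' + encodeURIComponent('<script>alert(1)</script>');
// Constructed rows standing in for comments read from a database.
const sampleRows = [
  { author: 'alice', body: 'Nice post & thanks' },
  { author: '<b>bob</b>', body: '<script>alert(1)</script>' },
];

console.log(renderCommentUnsafe(sampleUrl));
console.log(renderCommentSafe(sampleUrl));
console.log(renderStoredComments(sampleRows));
```

For the DOM-based case the equivalent fix lives in the browser: assign untrusted strings with `textContent` rather than `innerHTML`.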

Testing for XSS vulnerabilities

alert()

XSS Cheat Sheet

I'm a web developer who posts about the things I learn.