
Cross-Site Scripting (XSS)

A vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.

vulnerability, injection, browser security

Cross-site scripting (XSS) is a type of injection attack where malicious scripts are injected into otherwise trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. There are three main types: Stored XSS (persisted in the database), Reflected XSS (included in the HTTP response), and DOM-based XSS (executed through client-side JavaScript).

XSS can be used to steal session cookies, redirect users to malicious sites, deface web pages, or perform actions on behalf of authenticated users. APVISO tests for all three XSS variants using context-aware payload generation.
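The following is an added example, not part of the original glossary entry and not APVISO code. It shows a response that reflects request data unencoded beside a hardened version that encodes the same value for each output context (element content, attribute value, inline script). All function names and the sample input are constructed for illustration.

```javascript
// Added example: output encoding for reflected/stored XSS (all names are illustrative).

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode for HTML element content and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Encode a value for an inline <script> block: JSON.stringify yields a valid JS
// literal; escaping <, >, & and U+2028/U+2029 hides "</script>" from the HTML parser.
function escapeForScript(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g,
    (ch) => '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Vulnerable: request data is concatenated into the response unchanged.
function renderSearchUnsafe(query) {
  return `<p>Results for ${query}</p>`;
}

// Hardened: each insertion point uses the encoder that matches its context.
function renderSearchSafe(query) {
  return [
    `<p>Results for ${escapeHtml(query)}</p>`,
    `<input name="q" value="${escapeHtml(query)}">`,
    `<script>var lastQuery = ${escapeForScript(query)};</script>`,
  ].join('\n');
}

// Constructed sample input: markup that should be displayed as text, not parsed.
const sample = '"><script>alert(1)</script>';
console.log(renderSearchUnsafe(sample));
console.log(renderSearchSafe(sample));
```

For DOM-based XSS the same principle applies on the client: assign untrusted values with `textContent` rather than `innerHTML`.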

Test your applications for cross-site scripting (XSS) vulnerabilities

APVISO's AI agents automatically test for this and many more vulnerability categories.
