What is cross-site scripting :feelsgood:
[hide]
Cross-site scripting is what happens when an attacker takes advantage of a vulnerability in a webpage to inject their own code. That code can steal user information such as credentials, session cookies, and other sensitive data, and can even live persistently on a site to attack multiple users.
A XSS attack is unique because these vulnerabilities don't target the website or web app they exploit--it's only an attack vector. XSS uses scripts that are executed on a user's machine; these scripts are called client-side scripts. The vast majority of these are coded in JavaScript or HTML, though there are other languages that can be used for client-side scripts
[/hide]