


A cross-site scripting (XSS) attack occurs when an attacker injects malicious code into the code of a web application or a web server.
It can happen in many ways: the attacker can attack the web server through a victim's visits, or attack the victim through the web server's database.
Generally, attackers carry out cross-site scripting attacks to steal the victim's personal data or to gain access to the web server database where all the users of that website are stored. An attacker can also hijack the session, which is dangerous because with that session ID the attacker can access the user's activity without even logging in to the site.
To prevent this kind of attack, we can scan the website for vulnerabilities, limit the use of HTML in inputs, sanitize data inputs, use a web application firewall, and more.
This attack is possible through some very common vectors. A few common vectors are listed below:
<script>
<img>
<iframe>
<body>
<link>
Through these vectors, attackers can inject their code into these tags and get the desired output.
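
One way to neutralize markup in user input is to HTML-encode it at the point where it is written into the page, so the tags listed above arrive as text instead of elements. The JavaScript below is an added example, not code from the original article; the function names, the comment template and the sample inputs are constructed for illustration.

```javascript
// Added example: names and sample inputs are constructed for illustration.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the characters that let text break out of an HTML text node
// or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unsafe: untrusted text is concatenated into the markup as-is.
function renderCommentUnsafe(author, text) {
  return `<div class="comment" title="${author}">${text}</div>`;
}

// Hardened: every untrusted value is encoded at the point of output.
function renderComment(author, text) {
  return `<div class="comment" title="${escapeHtml(author)}">${escapeHtml(text)}</div>`;
}

// Approximate count of opening tags present in the markup.
function countElements(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed, harmless inputs built from the tags listed above.
const SAMPLES = [
  '<script>document.title = "changed"</script>',
  '<img src="x.png">',
  '<iframe src="about:blank"></iframe>',
  "<body>",
  '<link rel="stylesheet" href="x.css">',
];

// Compare how many elements each renderer produces for each sample.
function compareRenderers(samples) {
  return samples.map((text) => ({
    text,
    unsafeElements: countElements(renderCommentUnsafe("guest", text)),
    safeElements: countElements(renderComment("guest", text)),
  }));
}

for (const row of compareRenderers(SAMPLES)) {
  console.log(`${row.unsafeElements} -> ${row.safeElements}  ${row.text}`);
}
```

With the unsafe renderer each sample adds a second element next to the wrapping div; with the hardened renderer only the div remains and the input is displayed as text.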
To prevent these attacks, developers must understand how cross-site scripting works so they can take proper precautions to avoid this kind of attack in the future.