- Stored XSS:
When an XSS script is injected so that it is stored on the server and rendered only when a user fetches it from the server, it is known as a stored XSS vulnerability. This vulnerability is relatively more harmful because the script has the potential to inject malicious scripts into the user's machine or steal cookies from the user's machine.
- DOM (Document Object Model) based XSS:
In this type of attack, the XSS payload is injected into the DOM fields or "select" fields on the website, usually found in edit profile forms. Such attacks have the potential to alter important data in a user's account and affect the user experience.
What is the impact of this attack?
If an attacker is successful in injecting an XSS script, he can:
- Hijack user accounts by stealing session cookies
- Steal user credentials
- Steal, manipulate or delete sensitive data
- Initiate downloading of malicious files on the user's machine
- Impact user experience
How to prevent this attack?
The following measures can be taken to prevent XSS attacks:
- Sanitizing data on both the client and the server side
- Using a strong firewall
- Encrypting the data
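
As an added example (not code from the original article), this Node.js sketch shows the server-side half of the sanitization measure applied to stored XSS: stored input is encoded at the point where it is rendered back to users. The names `escapeHtml`, `renderUnsafe`, `renderSafe`, `unexpectedTags` and the sample comments are assumptions constructed for illustration.

```javascript
// Added example: stored comments rendered with and without output encoding.
// All names (escapeHtml, renderUnsafe, renderSafe, store) are hypothetical.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Simulated server-side storage: input is kept exactly as submitted.
const store = [];
function saveComment(author, body) {
  store.push({ author, body });
}

// Vulnerable: stored text is concatenated into markup unchanged.
function renderUnsafe(comments) {
  return comments.map((c) => `<li title="${c.author}">${c.body}</li>`).join('\n');
}

// Hardened: every stored field is encoded when it is written into the page.
function renderSafe(comments) {
  return comments
    .map((c) => `<li title="${escapeHtml(c.author)}">${escapeHtml(c.body)}</li>`)
    .join('\n');
}

// Count tags in the output that the template itself did not produce.
function unexpectedTags(html) {
  const tags = html.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  return tags.filter((t) => !/^<li title="[^"<>]*">$/.test(t) && t !== '</li>').length;
}

// Constructed sample submissions (not taken from the article).
saveComment('alice', 'Nice article & thanks!');
saveComment('bob', '<script>alert(1)</script>');
saveComment('x" onmouseover="alert(1)', 'hello');

console.log(renderUnsafe(store));
console.log('unexpected tags (unsafe):', unexpectedTags(renderUnsafe(store)));
console.log(renderSafe(store));
console.log('unexpected tags (safe):', unexpectedTags(renderSafe(store)));
```

The unsafe renderer lets stored input add a `<script>` element and an extra event-handler attribute, while the encoded output contains only the template's own `<li>` tags.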