A3:2021 | Cross Site Scripting (XSS) (5) | Cycubix Docs

Types of XSS

Reflected

• Malicious content from a user request is displayed to the user in a web browser.
• Malicious content is written into the page after from server response.
• Social engineering is required.
• Runs with browser privileges inherited from the user in a browser.

DOM-based (also technically reflected)

• Client-side scripts use malicious content from a user request to write HTML to its page.
• Similar to reflected XSS.
• Runs with browser privileges inherited from the user in a browser.

Stored or persistent

• Malicious content is stored on the server ( in a database, file system, or other objects) and later displayed to users in a web browser.
• Social engineering is not required.