Points to start :
  • XSS is most common web application vulnerability that allows a hacker to run malicious scripts in client side.
  • These scripts are maliciously crafted by a hacker to perform malicious tasks in client side.
  • When users clicks on a malicious link, the malicious script will run on users machine, such scripts can steal your session ID(your accounts) or infect you with a worm.


Based on the one persistent capability, XSS can be categorized into two types :
  • Persistent XSS
  • Non Persistent XSS

What Is Persistent XSS ?

The Persistent or Stored XSS attack occurs, when the malicious code submitted by the attacker is saved by the server in the database, and then permanently it will be run in the normal page.

What Is Non-Persistent XSS ?

In Non-Persistent XSS(Reflected XSS), the injected code sends to the server via HTTP request. The server embed the input with the html file and return the file(HTTP response) to  the browser.  When a browser renders the HTML file, it executes the embedded script.

How Do They Do It ?

First the attacker identifies a vulnerable site and then he/she injects malicious scripts into the website for stealing users’ accounts by stealing session cookies from their browser or infect users with a worm to gain control over users’ device.