Illustration of thief with bag over his shoulder and the word XSS

The X in XSS

I’ve mentioned Cross-Site Scripting, aka XSS, in some of my previous posts. And I’m sure you’ve heard of it as well.

XSS is often categorised as either reflected XSS or stored XSS. And then DOM-based XSS was added. OWASP now categorises XSS as:

  • Client XSS
  • Server XSS

Both of these can be either reflected or stored, which can make it all a little confusing.

Continue reading