There are three main types of XSS vulnerabilities:

1. Stored XSS (Persistent XSS):

   • In this type, the malicious script is permanently stored on the server (e.g., in a database or a file system) and is sent to other users when they access the affected page.
   • Example: An attacker posts a comment containing malicious JavaScript. When other users load the comment page, the script executes in their browser.

2. Reflected XSS (Non-persistent XSS):

   • In reflected XSS, the malicious script is part of the user's request (like in a URL or a form input). The server then reflects the input back to the browser without proper sanitization or validation.
   • Example: An attacker sends a link with a malicious script embedded in a URL parameter. When the victim clicks the link, the script runs in their browser.

3. DOM-based XSS:

   • This occurs when the malicious script is executed as a result of modifying the Document Object Model (DOM) in the browser via JavaScript. The attack is not dependent on server-side code execution but rather on the client-side script’s handling of untrusted data.
   • Example: An attacker crafts a script that manipulates a webpage's DOM and causes it to run arbitrary code when a user interacts with it.

How XSS Works

1. Malicious Script Injection:

   • The attacker injects a script into a website or application, typically through form inputs, query parameters, or URL manipulation.

2. Execution of Malicious Script:

   • When a user interacts with the website or application (e.g., viewing a page or submitting a form), the malicious script is executed by their browser.

3. Impact:

   • The script can do a variety of harmful actions, such as stealing sensitive information (e.g., cookies, session tokens), performing actions on behalf of the user (e.g., transferring funds, changing account settings), or defacing a website.

Consequences of XSS

• Session Hijacking: Attackers can steal a user's cookies or session tokens, leading to unauthorized access to the user’s account.
• Credential Theft: XSS can be used to capture login credentials (username, password) when entered into a form.
• Phishing: Attackers can create fake login forms or popups to trick users into submitting sensitive information.
• Defacement: Malicious scripts can alter the appearance of a website, leading to a loss of trust.
• Malware Distribution: XSS can be used to spread malware by injecting scripts that exploit vulnerabilities in the browser or other applications.

Mitigating XSS

1. Input Validation:

   • Ensure that user input is properly validated. Only accept expected types of input and reject anything else.

2. Output Encoding:

   • Encode user inputs before including them in web pages. This ensures that any special characters (like <, >, ", etc.) are treated as data, not executable code.
   • For HTML contexts: Use HTML entity encoding.
   • For JavaScript contexts: Use JavaScript-specific encoding.
   • For URL contexts: Use URL encoding.

3. Use Security Headers:

   • Content Security Policy (CSP): A CSP can restrict the sources of executable scripts and prevent inline JavaScript from running.
   • X-XSS-Protection: This header can be used to instruct browsers to block pages that detect reflected XSS attacks.

4. Sanitize User Inputs:

   • Use libraries like OWASP Java HTML Sanitizer or similar to sanitize user-generated content, stripping out harmful scripts.

5. Avoid Inline JavaScript:

   • Avoid embedding JavaScript directly in HTML, as this opens up possibilities for script injection. Instead, use external scripts with strict CSP settings.

6. HttpOnly and Secure Cookies:

   • Set the HttpOnly flag for cookies to prevent access to cookies via JavaScript.
   • Set the Secure flag to ensure cookies are only transmitted over HTTPS.

Tools for Detecting XSS

1. OWASP ZAP (Zed Attack Proxy): An open-source security testing tool that helps detect XSS vulnerabilities in web applications.
2. Burp Suite: A popular tool for security testing that includes functionality for detecting XSS and other vulnerabilities.
3. OWASP Dependency-Check: A tool that scans your project dependencies for known vulnerabilities, including libraries vulnerable to XSS attacks.