How does XSS work?

Question

Can someone explain how XSS works in plain english? Maybe with an example. Googling didn\'t help much.

Answer 1

In Simple English

XSS is when you insert scripts (meaning JavaScript code) into webpages, so that the browser executes the code. This is malicious, because it can be used to steal cookies, and any other data on the page. For example:

The HTML of a search box:

Now if you insert " onmouseover="alert(1), the final HTML would be When the mouse is passed over the search box, the "alert" will be executed.

In "WikiText"

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.