Cookies

Introduction to XSS Cross-Site Scripting (XSS) is a client-side vulnerability that appears when user input is rendered as executable JavaScript in the browser. The server is not directly compromised, but the user who loads the page can be targeted for phishing, data theft, or session hijacking. The test goal is to confirm execution, identify how the input is handled, and document a realistic impact. XSS only runs in the browser, so the attack depends on how the page renders or stores input. This is why the same payload can succeed or fail depending on the HTML context. When testing, focus on where the input appears and whether it persists after refresh. Those details determine which attack path is possible. ...