Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into a website. Because the script is delivered by a trusted website, it can access any cookies, session tokens or other sensitive information retained by the browser and used with that site. Unlike the other attacks, XSS targets the end users of your website and harms their systems.
Here is a short list of the potential damage that XSS attacks can cause:
- Stealing the session data of the (authenticated) user
- Manipulating files on the victim’s computer or the network they have access to
- Tracking and recording keystrokes the victim makes in a Web application and sending them to the hacker
- Stealing files from the attacked user’s computer or the network they have access to
- Launching other attacks against systems the victim can reach with the browser
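
How a script ends up inside a trusted page, and how output encoding keeps it inert, shown as an added example that is not part of the original article. The function names and sample comments are constructed for illustration.

```javascript
// Added example: a user comment rendered into a page without and with
// output encoding. All names and sample inputs are constructed.

// Vulnerable: user input is concatenated into HTML, so any markup in it
// becomes part of the trusted page and runs with that site's origin.
function renderCommentUnsafe(comment) {
  return `<li class="comment">${comment}</li>`;
}

// HTML-encode the characters that can open a tag, start an entity or
// close a quoted attribute. A single pass avoids double-encoding '&'.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hardened: the same template, but the input is encoded before insertion.
function renderCommentSafe(comment) {
  return `<li class="comment">${escapeHtml(comment)}</li>`;
}

// Defender-side check: list the element names a browser would parse out of
// a rendered fragment. Anything besides the template's own <li> was injected.
function elementNames(html) {
  return [...html.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)/g)].map((m) => m[1].toLowerCase());
}

// Constructed sample input: two harmless comments and two carrying markup.
const SAMPLE_COMMENTS = [
  'Nice post, thanks!',
  '<script>/* attacker-controlled code would run here */</script>',
  '<img src="x" onerror="/* attacker-controlled code would run here */">',
  'Tom & Jerry say 1 < 2',
];

// Run every sample through a renderer and collect the injected elements.
function injectedElements(render) {
  return SAMPLE_COMMENTS.flatMap((c) => elementNames(render(c)).filter((n) => n !== 'li'));
}

console.log('unsafe renderer injects:', injectedElements(renderCommentUnsafe));
console.log('safe renderer injects:  ', injectedElements(renderCommentSafe));
console.log(renderCommentSafe(SAMPLE_COMMENTS[3]));
```

This encoding covers HTML element content and quoted attribute values; data placed inside a script block, a URL or a style needs encoding for that context instead.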