Inscrivez-vous ou connectez-vous pour rejoindre votre communauté professionnelle.
XSS is a security breach that takes advantage of dynamically generated Web pages.
it enables attackers to inject client-side scripts into web pages viewed by other users
Thank you for the question, I learnt from previous answers
The idea of xss is that a hacker can inject their own custom JavaScript into a webpage. It's used to trick users into running their custom JavaScript code. And they also used to steal cookies. And if they steal cookies they can steal the cookies data as well as potentially session data, which has been linked with a cookie.
XSS(cross site scripting) in simple words is running user written script in text input box of any website and watching the same script reflecting on the website, which is a huge vulnerability, without any admin privilege a Attacker will be able to manipulate or change website's UI with which one can be fooled for malicious content or attacker might steal cookies with session information etc, brief explanation on this can be obtained at OWASP or Acunetix website.
really its a big gap in web site design ...why its famous Gap
because meny of web sites like Apple ,Uponto its hacked by this gap
this depend on Client Side programming Languages
see that to understand more
https://www.acunetix.com/websitesecurity/cross-site-scripting/