ABSTRACT

Cross-site scripting (abbreviated to XSS so as not to be confused with the abbreviation for cascading style sheets) is a vulnerability rooted in the way HTML content is generated and interpreted by client browsers. These vulnerabilities are usually found in Web applications and allow attackers to inject HTML or client-side scripting into the input of a Web-based application in the hope (or with the knowledge) that the input the attacker provided will be returned unparsed. If a dynamic Web page is output with the malicious code in it, the victim’s browser attempts to render it as though it were HTML, complete with an attempt to execute the scripting.
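The reflection described above, shown from the defender's side as an added example that is not part of the original text: the same input is echoed into a page once as received and once entity-encoded, and the output is then tokenized as markup to see what a browser would treat as script. The template, function names and sample inputs are constructed for illustration, and Python's `html.parser` only approximates a browser's parser.

```python
import html
from html.parser import HTMLParser

# Hypothetical page template (assumption, not from the original text).
PAGE = "<html><body><p>Results for: {query}</p></body></html>"

def render_unsafe(query):
    """Vulnerable: the input is returned in the page exactly as received."""
    return PAGE.format(query=query)

def render_safe(query):
    """Hardened: HTML metacharacters are entity-encoded before output."""
    return PAGE.format(query=html.escape(query, quote=True))

class ActiveContentFinder(HTMLParser):
    """Tokenizes a page as markup and records what a browser would treat
    as script: <script> elements and inline on* event-handler attributes."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings, self.text = [], []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script element")
        for name, _value in attrs:
            if name.startswith("on"):
                self.findings.append(f"{tag} {name} handler")

    def handle_data(self, data):
        self.text.append(data)

def inspect_page(page):
    """Return (active-content findings, visible text) for a rendered page."""
    finder = ActiveContentFinder()
    finder.feed(page)
    finder.close()
    return finder.findings, "".join(finder.text)

# Constructed sample inputs: one benign, two carrying markup.
SAMPLES = ["network security", "<script>alert(1)</script>",
           "<img src=x onerror=alert(1)>"]

if __name__ == "__main__":
    for sample in SAMPLES:
        for render in (render_unsafe, render_safe):
            findings, _text = inspect_page(render(sample))
            print(f"{render.__name__:13} {sample!r:32} -> "
                  f"{findings or 'no active content'}")
```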