What is XSS (Cross-Site Scripting) and what are the three types?
spaceto flip
Injecting malicious scripts into web pages viewed by other users. Stored XSS: script saved to database, executes for every visitor (most dangerous). Reflected XSS: script in URL query params, reflected in response. DOM-based XSS: script manipulates the page's DOM client-side. Prevention: escape output, use Content-Security-Policy headers, avoid innerHTML.
