I would like to understand the security implications of Cross Site Scripting (XSS)?
We've talked about Cross Site Scripting (XSS) before, and for good reason; it's a risk far too many websites are vulnerable to. The basic threat of XSS to your website's security is that it runs in the context of the trusted relationship between your browser and a website.
XSS cookie theft
Another example of an XSS exploit is using XSS to steal administrative access to a website:
- The administrator's browser sends the cookie to the attacker's website.
- The attacker uses the stolen cookie to use the administrator's access on the website.