Cross Site Scripting – Blog

Cross-site scripting (XSS) is a type of security vulnerability in websites that allows a person to inject JavaScript, or code in a similar language, into web pages, bypassing control measures such as the same-origin policy.

In Spanish, this type of vulnerability is known by a name that translates literally as "sequences of orders in crossed sites".
These vulnerabilities are commonly found in websites whose function is to present information in a web browser or in another web page container. Vulnerable local applications also exist, so the problem is not limited to sites on the Internet.

This type of attack can be used to steal information, steal user sessions and compromise the browser. XSS vulnerabilities have existed practically since the Internet began.

Normally, the vulnerability arises when an application does not correctly validate the input data it uses, or does not properly check its output before presenting it as a web page.
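The two failures described above, shown as an added example that is not part of the original post: a renderer that concatenates user data into markup unchanged, next to one that validates the link on input and encodes every value on output. The function names and the sample comment are constructed for illustration.

```javascript
// Added example: all names and the sample input are constructed for illustration.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Output encoding: make every HTML-significant character inert.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input validation: accept only absolute http(s) URLs for the profile link.
function isSafeHttpUrl(value) {
  try {
    const url = new URL(value);
    return url.protocol === "http:" || url.protocol === "https:";
  } catch {
    return false; // not a parseable absolute URL
  }
}

// Vulnerable: user data is concatenated into the markup unchanged.
function renderCommentUnsafe(comment) {
  return `<p><a href="${comment.link}">${comment.author}</a>: ${comment.text}</p>`;
}

// Hardened: validate the link, then encode every value where it is written out.
function renderCommentSafe(comment) {
  const link = isSafeHttpUrl(comment.link) ? comment.link : "#";
  return `<p><a href="${escapeHtml(link)}">${escapeHtml(comment.author)}</a>: ${escapeHtml(comment.text)}</p>`;
}

// Constructed sample input: markup in the text field, a script URL in the link.
const sample = {
  author: "Ana",
  link: "javascript:alert(1)",
  text: "<script>alert(1)</script>",
};

console.log("unsafe:", renderCommentUnsafe(sample));
console.log("safe:  ", renderCommentSafe(sample));
```

The hardened renderer replaces the rejected link with `#` and emits the text field as visible characters, so the browser displays the submitted markup instead of interpreting it.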

This vulnerability can occur in two forms: direct and indirect.

• Direct, also called persistent, consists of inserting dangerous HTML code into pages that allow it, including tags such as



