Archive for the ‘XSS’ Category

When a shoutbox goes bad!

Tuesday, June 24th, 2008

Firstly, you’re probably asking yourself: how the hell did I end up here? Well, “mes amigos”, I shall elaborate on your predicament with a 101 in XSS, and why you shouldn’t trust an application you didn’t write yourself.

What is XSS?

XSS, or Cross Site Scripting as it’s known in its unabbreviated form, is the act of inserting ECMAScript (usually JavaScript) into a page on a trusted website, and utilising it to perform actions unknown to the users (victims). It is essentially a form of hacking, utilising the trustworthiness of the exploited site to facilitate actions which can sometimes have repercussions for the user.
