Cross site scripting


Cross site scripting (XSS) is the most common web attack. It attacks the application layer of the web, and it basically hits HTML and JavaScript.
Cross site scripting arises when a web application takes data from a form on the site and includes it in a web page without properly validating the data. XSS vulnerabilities allow an attacker to execute arbitrary commands and display arbitrary content in a victim user's browser. When an XSS attack succeeds, it takes control of the victim's browser or the victim web application. The potency of an XSS attack lies in the fact that the malicious code executes in the context of the victim's session, allowing the attacker to bypass normal security restrictions.

Types of Cross Site Scripting Attacks :-

Reflective Cross Site Scripting :-
 
In this XSS attack, the attacker sends the victim a misleading mail with a link containing malicious JavaScript. If the victim clicks the link, the HTTP request is initiated from the victim's browser and sent to the vulnerable web application. The malicious JavaScript is then reflected back to the victim's browser, where it is executed in the context of the victim user's session.
 

Persistent XSS

Consider a Web application that allows users to enter a user name which is displayed on each user’s profile page. The application stores each user name in a local database. A malicious user notices that the Web application fails to sanitize the user name field and inputs malicious JavaScript code as part of their user name. When other users view the attacker’s profile page, the malicious code automatically executes in the context of their session.
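
The user name scenario above, as an added example that is not part of the original post: a profile page that writes the stored name into HTML as-is, next to a version that validates the name when it is saved and encodes it when it is displayed. The function names, the in-memory "database" and the allowlist rule are assumptions made for illustration.

```javascript
// Added example: persistent XSS through a stored user name, and the fix.
// All names here (users, isValidUserName, escapeHtml, renderProfile*) are
// hypothetical; the Map stands in for the application's local database.

// Constructed sample data: the second user name carries script markup.
const users = new Map([
  [1, { name: "alice" }],
  [2, { name: "<script>alert(1)</script>" }],
]);

// Input validation at save time (assumed rule): letters, digits, dot,
// underscore and hyphen only, 3 to 32 characters.
function isValidUserName(name) {
  return typeof name === "string" && /^[A-Za-z0-9._-]{3,32}$/.test(name);
}

// Output encoding at display time: encode the characters that are
// significant in HTML text and quoted attributes, in a single pass so
// nothing is encoded twice.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the stored name is concatenated into the page unchanged,
// so markup in the name becomes markup in every visitor's page.
function renderProfileUnsafe(id) {
  return "<h1>Profile of " + users.get(id).name + "</h1>";
}

// Hardened: the stored name is encoded, so the browser shows it as text.
function renderProfileSafe(id) {
  return "<h1>Profile of " + escapeHtml(users.get(id).name) + "</h1>";
}

for (const [id, user] of users) {
  console.log("accepted at save time:", isValidUserName(user.name));
  console.log("unsafe:", renderProfileUnsafe(id));
  console.log("safe:  ", renderProfileSafe(id));
}
```

Encoding at display time is the check that matters for data already in the database; validation at save time only keeps new bad values out.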


 
