Cross Site Scripting (XSS) is a vulnerability typically found in web applications that allows code to be injected into web pages viewed by other users. Most of the time the injected code is client-side script. There are many ways in which XSS vulnerabilities are exploited. Here is one such way.
- Mallik sends a URL to XYZ (via email or another mechanism) of a maliciously constructed web page.
- XYZ clicks on the link.
- Mallik's malicious script now may run commands with the privileges XYZ holds on her own browser.
- For example, Mallik sends the URL http://www.ibibo.com/search.aspx?q=%22%22%3Cscript%3Ealert(document.cookie)%3C/script%3E%22 to XYZ.
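The scenario above is a reflected XSS: the search page echoes the `q` parameter back into its HTML without encoding it. The following is an added example (not code from the post or from the site mentioned) that decodes the post's URL, shows the vulnerable "echo the parameter" rendering beside the HTML-escaped fix, and includes a small check a developer can use in tests to confirm the raw markup no longer reaches the page. The `render_results_*` functions are hypothetical stand-ins for the search page's output logic.

```python
"""Reflected XSS: the vulnerable 'echo the query' pattern beside the escaped fix."""
import html
from urllib.parse import parse_qs, urlsplit

# The URL quoted in the post above; the q parameter carries the script tag.
URL = ("http://www.ibibo.com/search.aspx"
       "?q=%22%22%3Cscript%3Ealert(document.cookie)%3C/script%3E%22")


def query_param(url, name):
    """Return the percent-decoded value of one query parameter ('' if absent)."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get(name, [""])[0]


def render_results_vulnerable(q):
    """Hypothetical vulnerable page: the untrusted value is pasted straight into HTML."""
    return f"<p>Results for: {q}</p>"


def render_results_safe(q):
    """Fixed page: HTML-escape the value for the HTML text context it lands in.

    quote=True also encodes double and single quotes, so the same helper is
    safe for values placed inside quoted attributes.
    """
    return f"<p>Results for: {html.escape(q, quote=True)}</p>"


def reflects_raw_markup(page_html, q):
    """Test helper: True if input containing '<' reached the page unchanged."""
    return "<" in q and q in page_html


if __name__ == "__main__":
    q = query_param(URL, "q")
    print("decoded q      :", q)
    print("vulnerable page:", render_results_vulnerable(q))
    print("escaped page   :", render_results_safe(q))
```

Escaping is context-specific: `html.escape` is correct for HTML text and quoted attribute values, but a value placed inside a `<script>` block or a URL needs that context's encoding instead.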