Cross-Site Scripting

Cross site scripting attacks work by embedding script tags in URLs and enticing users to click them, ensuring that the malicious script gets executed on the user's computer. These attacks leverage the trust between the user and the server and the fact that there is no input/output validation on the server to reject script language characters. Most browsers are installed with the capability to run scripts enabled by default.