OWASP - Coggle Diagram
OWASP
XSS (CSS)
same origin policy
What is origin
What it can do
Access cookies and get info
Send an XMLHttpRequest with info to a destination
Edit the DOM of the current website
Can access user geolocation, webcam, certain files on PC
Attack
Cookie theft
Key logging
Phishing
3 actors
Browser
Attacker
Victim
Why?
3 types
Reflection
DOM-based
Persistent