What are the two main XSS vulnerability categories mentioned?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

What are the two main XSS vulnerability categories mentioned?

Explanation:
Cross-Site Scripting vulnerabilities are typically discussed in terms of how the malicious script reaches and is delivered to users. The two main forms are reflected XSS and stored XSS. Reflected XSS occurs when attacker-supplied input is immediately echoed back by the server in the response, often via a link or URL parameter, so the payload executes as the page is loaded. Stored XSS happens when the payload is saved on the server (in a database, comment, or message) and later served to other users, causing the script to run whenever that page is viewed. (Some materials also mention a client-side DOM-based variant, but the classic two main categories described are reflected and stored.)

