Reflected XSS into HTML context with nothing encoded| Shiv Kumar | Application Security

What is Reflected XSS ?

Reflected XSS occurs when user input is immediately reflected in the HTTP response without proper sanitization or encoding. Reflected Cross-Site attacks also known as non-persistent attacks, occur when a malicious script is reflected off of a web application to the victim's browser.

How it works ?

Malicious Input: An attacker crafts a malicious URL or form submission containing a script and sends it to a victim, often through phishing emails or social media.

User Clicks: user clicks the link, which sends a request to a vulnerable web application.

Reflected Response: A vulnerable web application receives this input and, without proper sanitization or encoding, includes it directly in the response sent back to the user.

Script Execution: When the victim's browser renders the response, it executes the malicious script.