Cross Site Scripting
Input Validation, Output Encoding, Syntax Escaping
Quick Introduction to the Topic:
Vector Operation Method:
Application features that insecurely embed user-controlled content in the HTML output can be abused by attackers to present attacker-controlled scripts to legitimate application users. This allows the attackers to bypass the browser's same-origin policy in order to steal users' credentials, cookies and sensitive information, as well as to perform operations on behalf of the attacked users without their consent or knowledge. JSON variations are sometimes called JSON Injection.
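The insecure embedding described above, next to the output encoding and syntax escaping that close it, as an added example that is not code from the original page. The function names, the window.__DATA__ variable and the sample input are assumptions constructed for illustration.

```javascript
// Added example: hypothetical function names, constructed input.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Output encoding for HTML element content and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Insecure: user-controlled text is concatenated into markup unchanged,
// so the browser parses any tags in it as part of the page.
function renderGreetingUnsafe(name) {
  return '<p>Hello, ' + name + '</p>';
}

// Hardened: the same template with the value encoded for the HTML context.
function renderGreetingSafe(name) {
  return '<p>Hello, ' + escapeHtml(name) + '</p>';
}

// Syntax escaping for JSON embedded in an inline <script> block.
// JSON.stringify alone leaves "<" intact, so a "</script>" sequence inside a
// string value would end the block early. \uXXXX escapes keep the JSON valid.
const JSON_ESCAPES = { '<': '\\u003c', '>': '\\u003e', '&': '\\u0026',
                       '\u2028': '\\u2028', '\u2029': '\\u2029' };

function jsonForScript(data) {
  return JSON.stringify(data).replace(/[<>&\u2028\u2029]/g, (ch) => JSON_ESCAPES[ch]);
}

// window.__DATA__ is a hypothetical variable name for server-provided state.
function renderBootstrapScript(data) {
  return '<script>window.__DATA__ = ' + jsonForScript(data) + ';</script>';
}

// Constructed sample input carrying markup instead of a plain name.
const sample = '</script><script>alert(1)</script>';
console.log(renderGreetingUnsafe(sample)); // markup reaches the page intact
console.log(renderGreetingSafe(sample));   // rendered as inert text
console.log(renderBootstrapScript({ name: sample }));
```

The HTML encoder is only correct for element content and quoted attribute values; values placed in URLs, CSS or unquoted attributes need the encoding for that context.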