Reflected Cross-Site Scripting (Reflected XSS)

A reflected XSS vulnerability shows up when the server takes the content of a received parameter and directly embeds it into the HTML code of the response.
If an attacker injects HTML or JavaScript code in the parameter, this code will be included and executed in the responded website.
This is for example very common in error messages, where the “faulty” parameter is displayed again.

Back to the glossary overview