Reflected XSS

What is Reflected XSS?

Reflected XSS arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way. Suppose a website has a search function which receives the user-supplied search term in a URL parameter:

https://insecure-website.com/search?term=gift

The application echoes the supplied search term in the response to this URL:

<p>You searched for: gift</p>

Assuming the application doesn't perform any other processing of the data, an attacker can construct an attack like this:

https://insecure-website.com/search?term=<script>/*+Bad+stuff+here...+*/</script>

This URL results in the following response:

<p>You searched for: <script>/* Bad stuff here... */</script></p>

Finding Reflected XSS

Reference

What is reflected XSS (cross-site scripting)? Tutorial & Examples | Web Security AcademyWebSecAcademy

What is reflected XSS? - Web Security Academy