4.2.2. Hazards
An XSS vulnerability may lead to the following:
The attacker obtains the user’s cookie, which may contain sensitive information such as the session ID. If the server side has no corresponding protection, the attacker can use the stolen cookie to log in to the server.
An attacker can record the user’s keyboard input within certain limits.
The attacker performs dangerous operations as the user, through CSRF and similar techniques.
XSS worm.
The attacker obtains the user’s browser information.
The attacker uses the XSS vulnerability to scan the user’s intranet.
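
For the cookie item above, a defender can check which cookies a server leaves readable to script in the page. The following is an added example, not part of the original page: it audits `Set-Cookie` header values for the `HttpOnly`, `Secure` and `SameSite` attributes. Treating `HttpOnly` as the protection in question is an assumption, since the page does not name one; the function names and sample headers are constructed for illustration.

```javascript
// Added example; header values are constructed samples, not from a real site.

// Parse one Set-Cookie header value into { name, attrs } (attribute names lowercased).
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || '';
  const eq = first.indexOf('=');
  if (eq < 1) return null; // no cookie name: malformed
  const attrs = Object.create(null);
  for (const part of parts) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? '' : part.slice(i + 1).trim();
  }
  return { name: first.slice(0, eq).trim(), attrs };
}

// Findings for one header; an empty array means nothing was flagged.
function auditSetCookie(header) {
  const c = parseSetCookie(header);
  if (!c) return ['malformed Set-Cookie header'];
  const findings = [];
  // Without HttpOnly, script running in the page can read the cookie.
  if (!('httponly' in c.attrs)) findings.push(`${c.name}: missing HttpOnly`);
  // Without Secure, the cookie is also sent over unencrypted HTTP.
  if (!('secure' in c.attrs)) findings.push(`${c.name}: missing Secure`);
  const sameSite = (c.attrs.samesite || '').toLowerCase();
  if (sameSite === 'none') findings.push(`${c.name}: SameSite=None`);
  else if (sameSite === '') findings.push(`${c.name}: SameSite not set`);
  return findings;
}

// Names of cookies that script injected into the page could read.
function scriptReadableCookies(headers) {
  return headers
    .map(parseSetCookie)
    .filter((c) => c && !('httponly' in c.attrs))
    .map((c) => c.name);
}

const SAMPLE_HEADERS = [
  'SESSIONID=abc123; Path=/',
  'SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Strict',
  'theme=dark; path=/; secure; samesite=lax',
];

for (const h of SAMPLE_HEADERS) {
  const f = auditSetCookie(h);
  console.log(f.length ? f.join('\n') : `ok: ${h}`);
}
```

`HttpOnly` only stops script from reading the cookie. Requests issued from the page still carry it, so the other items in the list are unaffected by this attribute.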