1. User 1 logs on to the application and fills in the form with malicious
JS code in it. The server accepts the input, and it is stored in the database.
2. User 2 logs on to the application and goes to view the information
stored in the database. The JS gets executed in user 2's browser. User 2
is attacked by XSS.
I've been doing a bit of reading, and I can't really understand why XSS
is such an issue. Sure, if a user can insert a <script> tag, what
difference will that make to anyone else, as it is only on their own
I hope that clarifies the question.
With warm regards,
Business: http://binaryvibes.co.in, Tech stuff: http://techchorus.net,