Because the unsuspecting browser has no way of knowing that a script should not be trusted, it executes the injected XSS script, which can then read cookies, session tokens, and other sensitive information the browser retains for that site. In short, cross-site scripting lets the attacker hijack HTML pages, deceive users, and steal sensitive data: the injected script takes control of the page, redirects links, and rewrites content on that site.
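The two defences that follow from the paragraph above are output encoding (so that injected markup is rendered as text rather than executed) and keeping the session token out of reach of page scripts with the HttpOnly cookie attribute. The following is an added example, not code from the original page or from Contrast; the function names, the greeting template and the sample input are assumptions constructed for illustration.

```javascript
// Added example (not from the original page): the vulnerable rendering
// beside its hardened form, plus a session cookie built so that even a
// successful injection cannot read the token through document.cookie.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#x27;', '/': '&#x2F;',
};

// Escape untrusted data for an HTML text context (between tags).
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"'\/]/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable rendering: the user-controlled name is dropped straight into
// the page, so any markup it carries becomes part of the DOM.
function renderGreetingUnsafe(name) {
  return `<p>Welcome back, ${name}!</p>`;
}

// Hardened rendering: the same template, with the untrusted value encoded
// for the context it lands in. The browser now shows the tags as text.
function renderGreetingSafe(name) {
  return `<p>Welcome back, ${escapeHtml(name)}!</p>`;
}

// Rough check used here only to make the difference visible: does the
// rendered output contain a script tag, an inline event handler or a
// javascript: URL that was not in the template?
function containsActiveContent(html) {
  return /<script\b|\son\w+\s*=|javascript:/i.test(html);
}

// Session cookie attributes: HttpOnly keeps the token out of document.cookie,
// Secure restricts it to HTTPS, SameSite=Lax limits cross-site sending.
function buildSessionCookie(token) {
  return `session=${encodeURIComponent(token)}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// Constructed sample input: a "name" field carrying the textbook probe payload.
const SAMPLE_INPUT = '<script>alert(document.cookie)</script>';

if (typeof require !== 'undefined' && require.main === module) {
  console.log('unsafe :', renderGreetingUnsafe(SAMPLE_INPUT));
  console.log('safe   :', renderGreetingSafe(SAMPLE_INPUT));
  console.log('cookie :', buildSessionCookie('opaque-session-id'));
}
```

Encoding is context-specific: the escape table above is correct for HTML text and attribute values, but data placed inside a script block, a URL or a CSS property needs the encoder for that context, and a templating engine that escapes by default is the more reliable way to get this right across a whole application.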
Meet software delivery deadlines and security mandates. Contrast Community Edition for Java applications, .NET Core (with .NET Framework coming soon), and APIs delivers security-as-code that protects your software against the most common security flaws. With Contrast, you can remediate vulnerabilities early in the SDLC and monitor and defend against attacks on production applications.