Reflected XSS
← Back to Cross-Site Scripting (XSS)
XSS where the malicious script is reflected off a web server in URL parameters, error messages, or search results. The script is not stored; it is delivered via a crafted URL that the victim clicks. Mitigated by output encoding and Content Security Policy.