December 12, 2025 was a big day for me: I officially graduated college. For the past 4 years school has taken a lot of my time, but with this new freedom, and while I will be going through the hiring process, I decided to start learning about web vulnerabilities and start my own bug bounty business. The first web vulnerability I will focus on is XSS, or Cross-Site Scripting.

XSS is when an attacker injects malicious code into a web application and that code executes in a victim's browser, doing whatever the attacker wants. There are 3 types of XSS vulnerabilities.

Stored XSS: code that, once it gets onto a server, stays there and affects everyone.

Reflected XSS: the malicious script is reflected off a web application server onto a victim's browser.

DOM-based XSS: an attack that runs entirely in your web browser, using the page's own JavaScript code to insert the malicious script without the server ever knowing.

Mitigation

Encode Your Output

Before inserting user-controlled data into an HTML page, use a library or framework function to HTML-encode it. This turns characters such as < and > into harmless text, so the browser displays them instead of running them as code.
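
What that encoding step does, as an added example (not code from the original post). The function names and the sample comment are made up for illustration, and a real application should use its framework's or library's encoder. It also shows why quotes need encoding along with < and > when the data lands inside an attribute.

```javascript
// Characters with special meaning in HTML text or in a quoted attribute value.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Hypothetical helper: replace each special character with its entity.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Incomplete encoder that only handles < and >, kept for comparison.
function escapeAnglesOnly(value) {
  return String(value).replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Vulnerable: user data is concatenated into the markup as-is.
function renderUnsafe(comment) {
  return `<div class="comment" title="${comment.author}">${comment.body}</div>`;
}

// Hardened: every user-controlled value is encoded at the point of output.
function renderSafe(comment) {
  return `<div class="comment" title="${escapeHtml(comment.author)}">${escapeHtml(comment.body)}</div>`;
}

// Constructed sample input: a stored comment with markup in both fields.
const sample = {
  author: 'bob" onmouseover="alert(1)',
  body: "<script>alert(1)</script> Tom & Jerry",
};

console.log("unsafe:     ", renderUnsafe(sample));
console.log("safe:       ", renderSafe(sample));
// The author field has no < or >, so the angle-only encoder leaves it unchanged
// and the quote still closes the title attribute early.
console.log("angles only:", escapeAnglesOnly(sample.author));
```

In the safe output the browser shows the comment text exactly as typed, and the title attribute stays a single quoted value.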

Sanitize Data for DOM Interaction

Use tools like DOMPurify to clean up user input before it gets inserted into the page and runs locally in the browser.