Cross Site Scripting (XSS)
XSS is ranked as number 3 in the OWASP 2013 Top 10.
XSS is the injection of malicious scripts into a webpage causing
it to react in a way not intended by the developer. It is possible to carry out
an XSS attack against a site that uses input from a user in the output it
generates without validating or encoding it. By injecting a simple script like <script>alert(1)</script>
into the search box on the altoro site, the application responds with:-