Reflected XSS

Reflected XSS (Reflected Cross-Site Scripting) attack occurs when the injected malicious script is reflected off the webserver, like the error message, search result, or any other response. Reflected type attacks are delivered to victims or targets via another path such as email messages or phishing. When the user is tricked into clicking the malicious script or link, then this attack triggers the user’s browser. A simple example of Reflected XSS is the search field.

An attacker looks for places where user input is used directly to generate a response to launch a successful Reflected XSS attack. This often involves elements that are not expected to host scripts, such as image tags (), or the addition of event attributes. These elements are often not subject to the same input validation, output encoding, and other content filtering and checking routines.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

Get Social

Connect with experts and join the conversation about Radware technologies.

Radware Blog
Security Research Center