Showing posts from September, 2013

Bypassing Web application Firewall - Part 4

WAF Bypassing with XSS (Cross-Site Scripting) – Cross-Site Scripting (or simply XSS) is an injection-type attack where the attacker injects malicious scripts into trusted websites. The vulnerability occurs when a web application is used to send maliciously crafted code, in the form of a browser-side script, most of the time in HTML, to a different user of the application. These kinds of attacks can take place in many parts of a web application, most of the time in the parts where the user can supply content and the web application includes it in its output without validating or encoding it. As we said, the attacker can send malicious code to another user. The browser of the user who receives this code has no way to know that the script cannot be trusted, and it will execute it as if it had been delivered by the website itself. Cookies, session tokens, and other sensitive user information are only some of the data that can be acquired with XSS attacks. To conti