Types of XSS Client Side Attacks

Client Side Attacks includes:

Cross Site Request Forgery can be exploited by attackers that a user is already logged into a service.

Clickjacking tricking a user to follow a disguised toxic link.

Cross Site Scripting when an attacker gets JavaScript code executed in the users browser to access their cookies or account.


Cross Site Request Forgery (XSRF) attacks gets the user to follow a link on a site that they are logged into. But the attacker can take advantage of the action.

It could be a link from the users bank account to the attacker. 

If the user is logged into a site that is not well enough defended against this attack. It can allow for an execution how the attackers can exploit it without the user knowing it.


Clickjacking attacks are used to trick the target user to click a toxic link. The link can be disguised look as a legitimate link. 


Cross Site Scripting (XSS) allows the attacker to execute JavaScript code on the user via their browser. It can be used to upload toxic code to an application or sending toxic JavaScript in an email.

This way they can steal session IDs stored in the browser and login to a legitimate system.

To protect against this type of attacks this is done by using server side defenses.