Overview
Reflected XSS involves user-controlled input that is returned immediately in a web page response.
This page covers the request-response path: user input enters a request, comes back in the response, and is parsed by the browser in a context the application failed to protect.
Security Impact
Reflected XSS can allow browser-side code to run in the context of a victim's session when a crafted request is opened. That can affect session integrity, phishing resistance, account actions, and trust in application-generated pages.
Vulnerability Scope
Search pages, error messages, redirect notices, and profile previews are common sources because they often echo request parameters directly into a response.
Lab Focus
The lab focuses on reflected input, the browser context where it appears, and why output encoding must match the destination context rather than only filtering input.
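The following added example (not part of the lab's own code) shows what matching the encoder to the destination context looks like for a search page that echoes one parameter into four places. All function names are hypothetical and the sample input is constructed.

```javascript
// Added example: one encoder per output context. All names here are
// hypothetical, and the sample query value is constructed.

// HTML element content and quoted attribute values.
function encodeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Quoted JavaScript string literal inside a <script> block: every character
// other than ASCII letters, digits and space becomes a \uXXXX escape.
function encodeJsString(value) {
  return String(value).replace(/[^A-Za-z0-9 ]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Query parameter value inside an href attribute: percent-encode for the URL,
// then HTML-encode for the attribute that carries it.
function encodeUrlParamInAttr(value) {
  return encodeHtml(encodeURIComponent(String(value)));
}

// True when the text contains no raw quote, backslash, line break or "<"
// once well-formed \uXXXX escapes are set aside.
function isInertInJsString(encoded) {
  const withoutEscapes = encoded.replace(/\\u[0-9a-f]{4}/g, '');
  return !/["'\\\r\n<]/.test(withoutEscapes);
}

// A search page that echoes the same parameter into four contexts.
function renderSearchPage(q) {
  return [
    '<p>Results for: ' + encodeHtml(q) + '</p>',
    '<input name="q" value="' + encodeHtml(q) + '">',
    '<script>var lastQuery = "' + encodeJsString(q) + '";</script>',
    '<a href="/search?q=' + encodeUrlParamInAttr(q) + '">permalink</a>',
  ].join('\n');
}

const sample = 'Tom & "Jerry" <b>\\ done'; // constructed input
console.log(renderSearchPage(sample));
// The HTML encoder is correct for markup but leaves the backslash untouched,
// so its output is not safe to place inside the script string.
console.log(isInertInJsString(encodeHtml(sample)));     // false
console.log(isInertInJsString(encodeJsString(sample))); // true
```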

