Q1: XSS is a server side vulnerability

A1: Yes/no

Q2: Craft a very simple HTML broken image tag with a source of a picture with a source of "x".


Q3: Now add an event handler that executes the javascript code for printing the page


Q4: Name 3 programming languages in which XSS can occur without besides JS


Q5: Name 2 context in which XSS can occur outside of the HTML tag insertion


Q6: Image a scenario in which we have a POST based reflected variable that leads to XSS. This is self-XSS by it's definition but can you think of ways to elevate this?


Q7: Create an input value for the search term which might trigger XSS

var searchTerms = 'fdsfds’;


Q8: Explain the following attack vector where put focus on the context that it occurs in, what event handler is being used and what javascript code triggers.