Some web applications are vulnerable to reflected cross-site scripting (XSS) because they allow remote attackers to inject browser-executable code into a single HTTP response. These applications fail to properly process executable code that the attacker supplies as part of a custom URI or HTTP parameters.
One of the main difficulties in preventing XSS is implementing proper character encoding. In some cases, the web application may not filter every encoding of a character. For example, the application might filter the <script> tag but not %3cscript%3e, which is another encoding of the same tag.
Suppose the above page redirects to a page that shows a welcome notice, “Welcome %username%”, along with a download link.
The attacker will analyse the link and try to exploit XSS through the user variable in the hope of triggering the vulnerability.
A successful execution of the above URL indicates that the site is vulnerable to XSS. The above link allows an attacker to execute any script.
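The encoding gap described above, applied to the “Welcome %username%” notice, as an added example that is not code from the original page or from Beagle. The function names and sample inputs are hypothetical and constructed for illustration; the vulnerable handler filters the raw value before decoding it, while the hardened one decodes once and HTML-encodes at output.

```javascript
// Added example: all names here are hypothetical, sample inputs are constructed.

// Weak filter: strips literal <script> tags from the RAW parameter value,
// i.e. before the value has been percent-decoded.
function naiveFilter(raw) {
  return raw.replace(/<\/?script[^>]*>/gi, "");
}

// Vulnerable handler: filter first, decode afterwards, then concatenate into HTML.
function renderWelcomeVulnerable(rawUser) {
  const user = decodeURIComponent(naiveFilter(rawUser));
  return "<p>Welcome " + user + "</p>";
}

// HTML-encode for element content and quoted attribute values.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened handler: decode exactly once, then encode at the point of output.
// No blocklist is involved, so the encoding of the input no longer matters.
function renderWelcomeSafe(rawUser) {
  let user;
  try {
    user = decodeURIComponent(rawUser);
  } catch (e) {
    user = ""; // malformed percent-sequence: treat as empty instead of failing
  }
  return "<p>Welcome " + escapeHtml(user) + "</p>";
}

// Constructed sample inputs: the same tag, literal and percent-encoded.
const literalTag = "<script>alert(1)</script>";
const encodedTag = "%3cscript%3ealert(1)%3c/script%3e";

console.log(renderWelcomeVulnerable(literalTag)); // tag stripped by the filter
console.log(renderWelcomeVulnerable(encodedTag)); // tag survives the filter
console.log(renderWelcomeSafe(encodedTag));       // tag rendered as inert text
```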
An attacker can perform attacks like:-
Beagle recommends the following fixes:-