Table of Contents
Depending on the malicious script, it may execute automatically in web browser when the page is loading or it may trigger with a user action. Few web browsers like Internet Explorer put such infected web pages under suspected category and give warnings to user if any scripting code is being executed while web page is rendering but many Cross Site Script works by tricking with users and encouraging them to click on a link/image etc. that leads to malicious action without users being aware of such actions.
Tricking users could be as simple as sending a interesting jpg (image) file to a user by email or putting a link in comment and embedding the malicious script into the jpg/image file. Many users does not see any risk with a image file but as soon as they click on the link from attacker’s source their security may be compromised.