Now let's learn more about XSS. This type of vulnerability allows an attacker to inject JavaScript into a page. JavaScript is a programming language, and using this vulnerability, an attacker would be able to execute code written in JavaScript into a certain page, such as a website. JavaScript is a client-side language, so when the code is executed, it will be executed on the client, on the user, the person who is browsing the web page. It's not going to be executed on the server, so even if our code results in us getting a reverse shell, the shell will be coming from the user who is browsing the page, not from the website. So any code we write in JavaScript will be exploited or will run on the target user—on the people ...