In Cross-Site Scripting (XSS) attacks, malicious scripts are injected into otherwise benign websites through a web application. The end user’s browser executes the malicious script, which can then access any cookies, session tokens, or other sensitive information retained by the browser.
A man-in-the-middle attack intercepts a communication between two systems, for example the TCP connection between a client and a server. The attacker splits the original connection into two: one between the client and the attacker, and the other between the attacker and the server. Once the connection is intercepted, the attacker acts as a proxy and is able to read, insert and modify the data in the intercepted communication.
To stop these attacks:
o Use a Content Security Policy (CSP).
o Use HTTPS to secure all web traffic.
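The following is an added example, not code from the original page, showing the two mitigations above as plain Node.js functions with no external dependencies. It goes slightly beyond the text: it pairs the CSP with output encoding (the page's CSP stops injected inline scripts from running; encoding untrusted text keeps them from being injected in the first place), and it pairs the HTTPS redirect with a Strict-Transport-Security header so the browser stops trying HTTP at all. All function names, the header values, the `isTls` flag and the sample input are assumptions made for the example.

```javascript
// Added example (not from the original page): output encoding, a Content
// Security Policy header, and HTTPS enforcement as dependency-free functions.

// Encode the five characters that let untrusted text break out of an HTML
// text node or quoted attribute. '&' goes first so the entities produced
// here are not double-encoded.
function escapeHtml(untrusted) {
  return String(untrusted)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Vulnerable: a request parameter is concatenated straight into markup, so a
// value containing a <script> tag becomes executable code (reflected XSS).
function renderGreetingUnsafe(name) {
  return `<p>Hello, ${name}!</p>`;
}

// Fixed: the same template, with the parameter encoded before insertion.
function renderGreetingSafe(name) {
  return `<p>Hello, ${escapeHtml(name)}!</p>`;
}

// Build a Content-Security-Policy header value. With script-src limited to
// 'self' (plus an optional per-response nonce), an inline script that does
// reach the page is refused by the browser even if encoding was missed.
function buildCsp({ nonce } = {}) {
  const scriptSrc = ["'self'"];
  if (nonce) scriptSrc.push(`'nonce-${nonce}'`);
  return [
    "default-src 'self'",
    `script-src ${scriptSrc.join(" ")}`,
    "object-src 'none'",
    "base-uri 'self'",
    "frame-ancestors 'none'",
  ].join("; ");
}

// Decide whether a request must be redirected to HTTPS. `isTls` is whatever
// the server knows about the connection (assumed to be supplied by the
// caller). Returns the redirect target, or null if already over TLS.
function httpsRedirectTarget(host, path, isTls) {
  return isTls ? null : `https://${host}${path}`;
}

// Headers for a TLS response: the CSP above plus HSTS, which tells the browser
// to use HTTPS for this host for a year without attempting HTTP first.
function securityHeaders(nonce) {
  return {
    "Content-Security-Policy": buildCsp({ nonce }),
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
  };
}

// Constructed sample input: a "name" parameter carrying a script tag.
const SAMPLE_NAME = "<script>evil()</script>";

// Run both renderings and the header builders over the sample input.
function demo() {
  return {
    unsafe: renderGreetingUnsafe(SAMPLE_NAME),
    safe: renderGreetingSafe(SAMPLE_NAME),
    headers: securityHeaders("r4nd0m"),
    redirect: httpsRedirectTarget("shop.example", "/cart", false),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The unsafe rendering returns the script tag intact inside the paragraph; the safe one returns it as inert text (`&lt;script&gt;…`). The nonce must be freshly generated per response; the fixed string here is only so the example runs stand-alone.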