
Commit

Update what-is-cross-site-scripting.md (#51)
- Fixed punctuation
- Fixed spelling
DreamVenerable authored Jan 7, 2025
1 parent 532474a commit a64ed60
Showing 1 changed file with 2 additions and 2 deletions.
Expand Up @@ -45,7 +45,7 @@ Depending on where the exploit gets injected, it may need to be constructed diff

Also, the exploit payload can change to fit whatever the attacker needs it to do. Whether that is to extract cookies and submit it to an external server, or to simply modify the page to deface it.

One of the deficiencies of reflected XSS however is that it requires the victim to access the vulnerable page from an attacker controlled resource. Notice that if the data paramter, wasn't provided the exploit wouldn't work.
One of the deficiencies of reflected XSS however is that it requires the victim to access the vulnerable page from an attacker controlled resource. Notice that if the data parameter wasn't provided, the exploit wouldn't work.

In many situations, reflected XSS is detected by the browser because it is very simple for a browser to detect malicous XSS payloads in URLs.
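
Review bot: the unchanged context line directly after the corrected sentence still reads "malicous XSS payloads", so the spelling pass this commit describes is incomplete within the same hunk; change it to "malicious". In the rewritten line, "attacker controlled resource" would also read better hyphenated as "attacker-controlled resource".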

Expand All @@ -63,4 +63,4 @@ The reason being that the web site itself is serving up the XSS payload to other

DOM XSS is XSS that is due to the browser itself injecting an XSS payload into the DOM. While the server itself may properly prevent XSS, it's possible that the client side scripts may accidentally take a payload and insert it into the DOM and cause the payload to trigger.

The server itself is not to blame, but the client side JavaScript files are causing the issue.
The server itself is not to blame, but the client side JavaScript files are causing the issue.
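
Review bot: the removed and added lines at the end of this hunk ("The server itself is not to blame, ...") are textually identical as displayed, so the difference is presumably whitespace only, such as trailing spaces or a newline at the end of the file, while the commit message lists only punctuation and spelling fixes. Either mention the whitespace change in the message or drop it from this commit; since the line is being touched anyway, "client side JavaScript" could become "client-side JavaScript".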
