One of these is a cross-site scripting (XSS) vulnerability affecting all major versions of DuckDuckGo browser extension. While OpenCart takes security very seriously, new security issues may be discovered over time. Widespread use for cross-site iframes launched in Chrome 67 on desktop, and in Chrome 77 for Android. Types of cross-site scripting Reflected XSS. DOM Based XSS (or as it is called in some texts, “type-0 XSS”) is an XSS attack wherein the attack payload is executed as a result of modifying the DOM “environment” in the victim’s browser used by the original client side script, so that the client side code runs in an “unexpected” manner. This allows a user who can control those strings to inject malicious