JavaScript
In an XSS (Cross-Site Scripting) attack, attackers typically use scripts, such as
JavaScript, to inject malicious code into web pages viewed by users. Common targets include input fields, URL parameters, and cookies. However, server-side code, such as PHP or Python scripts executed on the server, cannot be directly used in an XSS attack, as they run on the server rather than in the user's browser.
