Reflected XSS
Reflected XSS occurs when an application includes user-supplied input in a page response without proper validation, sanitization, or output encoding. Attackers may craft malicious links that execute scripts when a victim opens them, potentially leading to session theft, phishing, account actions, or user impersonation. In bug bounty programs and application security testing, reflected XSS is commonly assessed based on exploitability, user interaction, affected context, and business impact.
Malicious Link Created → Input Reflected in Response → Browser Executes Script → User Session at Risk → Output Encoding Applied
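The last step of that flow, shown as an added example (not code from this page or from any real application): a search page that reflects its query parameter, first without encoding and then with an encoder matched to each output context. The function names, the page markup and the probe string are assumptions made for illustration.

```javascript
// Added example; all names and markup here are hypothetical.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encoder for HTML text nodes and quoted attribute values.
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Encoder for a value emitted as a string literal inside an inline <script>.
// JSON.stringify handles quotes and backslashes; the extra replacements keep
// the HTML parser from ever seeing a tag or entity inside the literal.
function encodeJsString(value) {
  return JSON.stringify(String(value))
    .replace(/</g, "\\u003c")
    .replace(/>/g, "\\u003e")
    .replace(/&/g, "\\u0026")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

// Before: the request value is concatenated into the response as-is,
// so markup in the query string becomes markup in the page.
function renderSearchUnsafe(q) {
  return `<h1>Results for ${q}</h1><input name="q" value="${q}">`;
}

// After: every sink uses the encoder for its own context.
function renderSearchEncoded(q) {
  return [
    `<h1>Results for ${encodeHtml(q)}</h1>`,                      // HTML text
    `<input name="q" value="${encodeHtml(q)}">`,                  // quoted attribute
    `<a href="/search?q=${encodeURIComponent(q)}">permalink</a>`, // URL parameter
    `<script>window.lastQuery = ${encodeJsString(q)};</script>`,  // JS string
  ].join("\n");
}

// Constructed probe input containing markup and a quote character.
const probe = `"><script>probe()</script>`;

// True when the input comes back byte-for-byte in the response body,
// which is the condition a reviewer checks for first.
function reflectsVerbatim(html, input) {
  return html.includes(input);
}
```

Running reflectsVerbatim against both renderings of the same probe shows the difference: the unencoded page returns the input unchanged, while the encoded page contains it only as inert text.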
