Abstract:Cross-site scripting (XSS) attacks pose a significant threat to the security of web applications, as they compromise personal information by stealing cookies. This study investigates the relationship between XSS attacks targeting websites versus XSS attacks aimed at stealing cookies to leak personal information. A systematic literature review has been conducted, analyzing 96 scientific articles from 2018 to 2023. Three complementary research questions have been proposed to address trends in methods and tools to detect vulnerabilities or mitigate XSS attacks, techniques to steal cookies, and leakage of personal data through cookie theft. Rayyan Intelligent Systematic Literature, Atlas.ti, and Research Rabbit tool supported our analysis, using sources such as IEEE Digital Xplore, ACM Digital Library, Springer Link, Web of Science, and Mendeley. The snowballing technique was applied using the Research Rabbit tool to find related articles, avoid inconsistent parameters and publications, and reduce the risk of bias. The ratio between XSS attacks on websites and cookie theft through XSS attacks is 5:1. It is crucial to persist in studying and introducing novel methods or tools to address this problem and provide better protection against cookie hijacking through XSS attacks. The research gap lies in understanding how our personal information is filtered by the theft of cookies through XSS attacks. More research is needed to fill this gap and to develop novel techniques or tools that teach the end user how their personal information is leaked by stealing cookies using XSS attacks.

Personal data filtering: a systematic literature review comparing the effectiveness of XSS attacks in web applications vs cookie stealing