Self XSS vs Reflected XSS

Question

What is the difference between self XSS and reflected XSS? If I find a XSS vulnerability, how do I know whether it is self XSS or reflected XSS ? I have tried reading a lot of articles on Google but am still confused. Thanks in advance!

Answer 1

Reflected XSS occurs when user input included in the url address is reflected in the page source un-unescape .
Now, a lot of things can be user input such as your input in search form , the url adress itself . an example is

https://vulnerable.com/<script>alert(1)</script>
lets say after visiting the url and you check the page source in your browser and you see <script>alert(1)</script> somewhere in the page source . This is a reflected xss and can be used to exploit other users since anyone who visited that link will have the xss fired and their cookies stolen if lacking the httponly flag

Self XSS self Xss is an xss that executes in the context of the user who submits the payload . Say web app has profile function and in the profile function you have an option to specify a nickname . now in this web app you cant view other user profiles , meaning thier is no way to make another user view your profile . Most bank apps are like this. Now, if the nick name parameter is vulnerable to xss , The xss here would be self xss because only you can view your user profile and the xss will only execute in your own context . You can agree that stealing your own cookies isnt of any impact

Answer 2

Reflected XSS vulnerabilities typically refer to links that you can trick people into clicking - if the user follows them then the javascript is executed, eg https://www.example.com/example?search=<script>alert(1);</script>

Self XSS vulnerabilities typically require the user to type something in, such as putting <script>alert(1);</script> in a form field where the value is not populated from a URL or form parameter. So you can only impact yourself with self XSS vulnerabilities unless you have a really gullible user :)