Reflected XSS
In a reflected XSS attack, the attacker builds a link on the trusted web server’s own domain that carries the attacker’s script in a parameter the server echoes back unencoded. The attacker sends this link to an unsuspecting user; when the user clicks it, the server reflects the script into the response and the user’s browser executes it.
Test for XSS


Preparing a link that carries the attacker’s script
The attacker sets up a fake site that imitates a site the victim trusts, then crafts a convincing email containing the link and sends it to the victim.



About the reflected XSS attack
Modern browsers block this kind of reflected XSS effectively; the lab demonstration succeeded only on Windows XP with IE 6.0. IE 8.0 and later, Chrome and Firefox can stop the script from being executed by the browser. The NoScript add-on is a good addition to your Firefox browser.
Stored XSS
Stored XSS is a technique where the attacker’s script is saved on the web server itself; whenever a user’s browser loads the page that contains it, the script is executed by the victim’s browser.
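The two variants above differ only in where the script comes from (a reflected parameter or a stored record); the server-side defence is the same, encoding untrusted data on output. The following is an added example, not code from the original post: a constructed reflected query string and a constructed list of stored comments, each rendered once unencoded (the vulnerable form) and once through `html.escape` (the hardened form), with a small check a reviewer can run over the rendered HTML.

```python
import html
from urllib.parse import parse_qs

# Constructed sample inputs (not from the original post): one reflected
# search query and one stored comment, each carrying a script tag.
REFLECTED_QUERY = "q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"
STORED_COMMENTS = ["Nice article!", "<script>alert(document.cookie)</script>"]


def render_search_unsafe(query_string: str) -> str:
    """Reflected XSS: the search term is echoed back into the page verbatim."""
    term = parse_qs(query_string).get("q", [""])[0]
    return f"<p>Results for: {term}</p>"


def render_search_safe(query_string: str) -> str:
    """Hardened form: HTML-encode the term before placing it in the page body."""
    term = parse_qs(query_string).get("q", [""])[0]
    return f"<p>Results for: {html.escape(term, quote=True)}</p>"


def render_comments_unsafe(comments: list[str]) -> str:
    """Stored XSS: comments kept server-side are rendered without encoding."""
    return "".join(f"<li>{c}</li>" for c in comments)


def render_comments_safe(comments: list[str]) -> str:
    """Hardened form: encode on output, regardless of how the data was stored."""
    return "".join(f"<li>{html.escape(c, quote=True)}</li>" for c in comments)


def contains_raw_script(page: str) -> bool:
    """Coarse review check: does the rendered HTML still carry a live <script> tag?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    for name, page in [
        ("reflected/unsafe", render_search_unsafe(REFLECTED_QUERY)),
        ("reflected/safe", render_search_safe(REFLECTED_QUERY)),
        ("stored/unsafe", render_comments_unsafe(STORED_COMMENTS)),
        ("stored/safe", render_comments_safe(STORED_COMMENTS)),
    ]:
        print(f"{name:16} live script: {contains_raw_script(page)!s:5}  {page}")
```

Encoding at the output point is what makes the browser render the payload as text; browser-side filters, as the post notes, only mitigate the reflected case and are not a substitute for it.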



Conclusion
To reduce your exposure to XSS as a web user, use the Google Chrome or Chromium browser; Chrome is excellent at suppressing script execution. If you use Firefox, recent Firefox versions also stop suspected script execution, but I would still recommend the NoScript add-on.