An attacker distributes a link (or possibly some other query structure)
						with a request to a third party web server that is malformed and also
						contains a block of exploit code in order to have the exploit become live
						code in the resulting error page. When the third party web server receives
						the crafted request and notes the error it then creates an error message
						that echoes the malformed message, including the exploit. Doing this
						converts the exploit portion of the message into to valid language elements
						that are executed by the viewing browser. When a victim executes the query
						provided by the attacker the infected error message error message is
						returned including the exploit code which then runs in the victim's browser.
						XSS can result in execution of code as well as data leakage (e.g. session
						cookies can be sent to the attacker). This type of attack is especially
						dangerous since the exploit appears to come from the third party web server,
						who the victim may trust and hence be more vulnerable to deception.