Cross-site scripting (XSS) attacks pose a significant threat to the security of web applications, as they compromise personal information by stealing cookies. This study investigates the relationship between XSS attacks targeting websites versus XSS attacks aimed at stealing cookies to leak personal information. A systematic literature review has been conducted, analyzing 96 scientific articles from 2018 to 2023. Three complementary research questions have been proposed to address trends in methods and tools to detect vulnerabilities or mitigate XSS attacks, techniques to steal cookies, and leakage of personal data through cookie theft. Rayyan Intelligent Systematic Literature, Atlas.ti, and Research Rabbit tool supported our analysis, using sources such as IEEE Digital Xplore, ACM Digital Library, Springer Link, Web of Science, and Mendeley. The snowballing technique was applied using the Research Rabbit tool to find related articles, avoid inconsistent parameters and publications, and reduce the risk of bias. The ratio between XSS attacks on websites and cookie theft through XSS attacks is 5:1. It is crucial to persist in studying and introducing novel methods or tools to address this problem and provide better protection against cookie hijacking through XSS attacks. The research gap lies in understanding how our personal information is filtered by the theft of cookies through XSS attacks. More research is needed to fill this gap and to develop novel techniques or tools that teach the end user how their personal information is leaked by stealing cookies using XSS attacks.

跨站点脚本 (XSS) 攻击对 Web 应用程序的安全构成重大威胁，因为它们通过窃取 cookie 来破坏个人信息。本研究调查了针对网站的 XSS 攻击与旨在窃取 cookie 以泄露个人信息的 XSS 攻击之间的关系。我们进行了系统的文献综述，分析了 2018 年至 2023 年的 96 篇科学文章。提出了三个互补的研究问题，以解决检测漏洞或减轻 XSS 攻击的方法和工具、窃取 cookie 的技术以及通过以下方式泄露个人数据的趋势：饼干盗窃。 Rayyan 智能系统文献、Atlas.ti 和 Research Rabbit 工具使用 IEEE Digital Xplore、ACM Digital Library、Springer Link、Web of Science 和 Mendeley 等来源支持我们的分析。使用Research Rabbit工具应用滚雪球技术来查找相关文章，避免参数和出版物不一致，并降低偏差风险。对网站的 XSS 攻击与通过 XSS 攻击窃取 Cookie 的比例为 5:1。坚持研究和引入新的方法或工具来解决这个问题并提供更好的保护以防止通过 XSS 攻击进行 cookie 劫持至关重要。研究差距在于了解我们的个人信息是如何通过 XSS 攻击窃取 cookie 来过滤的。需要更多的研究来填补这一空白，并开发新颖的技术或工具来教导最终用户如何通过使用 XSS 攻击窃取 cookie 来泄露他们的个人信息。