Cross Site Script Inclusion (XSSI) vulnerability allows sensitive data leakage across-origin or cross-domain boundaries. XSSI is a client-side attack similar to Cross Site Request Forgery (CSRF) but has a different purpose. Where CSRF uses the authenticated user context to execute certain actions inside a victim’s page, XSSI instead uses JavaScript on the client-side to leak sensitive data from authenticated sessions.
