Hello, I have some questions about XSS because I am worried I have been a victim of one. I’ve already changed passwords and have had 2FA enabled, but I still do have some questions about XSS.
1. Can XSS attacks access all browser data (such as cookies/saved passwords of multiple sites) and can XSS attackers keylog browser-wide (in other words, can they keylog on multiple websites)?
2. Can XSS attacks persist throughout a website or just have control over a web-page?
3. Does signing out of sessions or changing passwords or clearing cookies through browser settings invalidate stolen session cookies?
4. Can XSS attacks persist on a web-page (not including XSS attacks that use comments or profile pages) if the same web-page was reaccessed directly through a non-malicous link?
5. How can you stop XSS attacks after it has started as a user?
Additional info, I use Brave Browser and Google Chrome.