Cross-Site Scripting (XSS) is a web vulnerability wich occours when an attacker is able to inject a script (usually JavaScript) and then have it executed by the victim’s browser. This can be used to steal cookies, session tokens, or other sensitive information stored in the browser.

First of all, a SQL Injection is a vulnerability which affects SQL Database, due to bad programming of user inputs and bad sanification. A BLIND SQL Injection occours when the application is not giving data (or access) directly, but it’s possible to retrieve such data indirectly by interpretating the application behavior in a Boolean way.