Cross-Site Scripting (XSS) is a type of injection attack and one of the OWASP Top 10 vulnerability categories for 2021. In this attack, an adversary tricks users of a benign application into executing malicious scripts on the client side, typically in the browser. The attack is made possible by flaws within the application itself: the browser has no way to tell whether a script came from a trusted source, such as the application, or from an attacker who injected it into the page. Attackers often leverage Cross-Site Scripting to perform actions with the permissions of other users, including forcing those users to leak their own session cookies or any other sensitive information the application stores in the browser.
Cross-Site Scripting (XSS) FAQ
Do you have a question about Cross-Site Scripting? Check out our XSS FAQ, which covers the most common questions and answers regarding this vulnerability – here.
Types of XSS
There are multiple types of XSS, including:
For more information regarding the different types of Cross-Site Scripting (XSS), please see here.
Prevention techniques for XSS vary depending on the technology stack used as well as the sub-type of Cross-Site Scripting one is trying to prevent.
For more information regarding XSS prevention, please see here.
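The following is an added example, not code from the original page, that illustrates both points made above: why the browser cannot distinguish injected markup from the application's own (the introduction), and the contextual output encoding that prevents it (the prevention paragraph). The function names, the HTML template and the sample comment are constructed for this demonstration and do not come from the page.

```javascript
// Added example (not from the original page). Shows a vulnerable rendering
// function beside its hardened form, using output encoding for the HTML body
// context. All names and sample values below are constructed for illustration.

// Untrusted user input, as it might arrive from a form field. Constructed sample:
// the same kind of markup an attacker would try to smuggle into a stored comment.
const UNTRUSTED_COMMENT = '<script>alert(1)</script>';

// Vulnerable rendering: untrusted text is concatenated straight into HTML.
// The browser parses the result as one document and cannot tell that the
// <script> element came from a user rather than from the application.
function renderCommentUnsafe(comment) {
  return `<div class="comment">${comment}</div>`;
}

// Output encoding for the HTML text and quoted-attribute contexts.
// Each character that can change the parser's context is replaced by its
// entity, so whatever the user typed is rendered as literal text, not markup.
function escapeHtml(text) {
  const map = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#x27;',
    '/': '&#x2F;',
  };
  return String(text).replace(/[&<>"'\/]/g, (ch) => map[ch]);
}

// Hardened rendering: identical template, but the untrusted value is encoded
// for the context it is inserted into before concatenation.
function renderCommentSafe(comment) {
  return `<div class="comment">${escapeHtml(comment)}</div>`;
}

// Defender-side check used in tests or a pre-deploy review: after removing
// the fixed template, does any tag opener remain in the rendered output?
// Encoded output contains no raw '<', so only the unsafe path trips this.
function containsInjectedMarkup(html) {
  const body = html
    .replace(/^<div class="comment">/, '')
    .replace(/<\/div>$/, '');
  return /<[a-z!\/]/i.test(body);
}

console.log('unsafe:', renderCommentUnsafe(UNTRUSTED_COMMENT));
console.log('safe:  ', renderCommentSafe(UNTRUSTED_COMMENT));
console.log('unsafe has injected markup:', containsInjectedMarkup(renderCommentUnsafe(UNTRUSTED_COMMENT)));
console.log('safe has injected markup:  ', containsInjectedMarkup(renderCommentSafe(UNTRUSTED_COMMENT)));
```

The encoding above is correct for HTML element content and for values placed inside quoted attributes; inserting untrusted data into other contexts (a JavaScript string, a URL, a CSS value) needs the encoder for that context, which is why the text above says prevention depends on where in the stack the data lands. Templating engines that auto-escape by default achieve the same effect as `renderCommentSafe` without relying on each developer remembering to call the encoder.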
How to find out if you are vulnerable (XSS Detection)
Detection techniques for XSS vary depending on the type of Cross-Site Scripting. For more information regarding XSS detection, please see here.