Security
What is XSS?
Cross-Site Scripting — an attack that injects malicious scripts into web pages viewed by other users.
Definition
XSS (Cross-Site Scripting) is a vulnerability that lets attackers inject malicious JavaScript into web pages, where it runs in the browsers of other users who view them. There are three types: Stored XSS (the script is persisted in the database), Reflected XSS (the script arrives in URL parameters), and DOM-based XSS (the injection happens through client-side manipulation). An injected script can steal cookies or session tokens, or redirect users. Prevention includes input sanitization, output encoding, Content Security Policy (CSP) headers, and using frameworks that auto-escape output (React, Angular).
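The following is an added example, not code from the original page. It shows a reflected value rendered without and with output encoding, a scheme check for link targets, and a nonce-based CSP header. All function names and sample inputs are constructed for illustration.

```javascript
// Characters that change meaning in HTML text and quoted-attribute contexts.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Output encoding: a single pass, so an already-escaped "&amp;" is not mangled twice.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable form: the URL parameter is concatenated straight into markup,
// so any tags in it become part of the page (reflected XSS).
function renderSearchUnsafe(query) {
  return `<p>Results for: ${query}</p>`;
}

// Hardened form: the same value is encoded for the HTML text context.
function renderSearchSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Encoding alone does not make a URL safe: a "javascript:" link contains no
// characters that escapeHtml changes. Allow only http(s), then encode the result.
function safeHref(url) {
  try {
    const parsed = new URL(String(url));
    if (parsed.protocol !== "http:" && parsed.protocol !== "https:") return "#";
    return escapeHtml(parsed.href);
  } catch (err) {
    return "#"; // unparseable or relative input: fall back to an inert target
  }
}

function renderLink(url, label) {
  return `<a href="${safeHref(url)}">${escapeHtml(label)}</a>`;
}

// Content-Security-Policy header value. The nonce is assumed to be a fresh
// random value generated by the caller for each response with a CSPRNG;
// only <script nonce="..."> tags carrying it (or same-origin files) will run.
function buildCsp(nonce) {
  return [
    "default-src 'self'",
    `script-src 'self' 'nonce-${nonce}'`,
    "object-src 'none'",
    "base-uri 'none'",
  ].join("; ");
}
```

Encoding is the primary control here; the CSP header is a second layer that stops injected inline scripts from running if an encoding step is missed somewhere.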