Web Security

Cross-Site Scripting (XSS)

A vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.

Cross-Site Scripting (XSS) is a client-side code injection attack where an attacker injects malicious scripts into content that is served to other users.

Types of XSS

Type            Persistence      Vector
Reflected XSS   Non-persistent   URL parameters, search queries
Stored XSS      Persistent       Database, comments, profiles
DOM-based XSS   Client-side      JavaScript DOM manipulation

Impact

  • Session hijacking - stealing user cookies and tokens
  • Account takeover - performing actions as the victim
  • Keylogging - capturing user keystrokes
  • Phishing - displaying fake login forms

Prevention

  • Output encoding - encode user-supplied data for the context (HTML body, attribute, JavaScript, URL) in which it is rendered
  • Content Security Policy (CSP) headers - restrict which scripts the browser is allowed to execute
  • Input validation - whitelist allowed characters
  • HttpOnly cookies - prevent JavaScript access to session cookies
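The first, second and fourth defenses above, as an added example that is not part of the mr7.ai glossary: an HTML-body-context encoder, the vulnerable and hardened versions of a comment renderer, and the CSP and cookie header values that back them up. The comment renderer, the sample comment and the cookie token are constructed for this example.

```javascript
// Added example (not from mr7.ai): output encoding for the HTML body context.
// Runs under Node.js; no DOM is needed because the output is a markup string.

// Every character that carries meaning in HTML is mapped to its entity, so
// attacker-supplied text is rendered as literal characters, never parsed as markup.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;', '/': '&#x2F;',
};

function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"'\/]/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable pattern: the stored or reflected value is concatenated straight into markup.
function renderCommentUnsafe(comment) {
  return `<li class="comment">${comment}</li>`;
}

// Hardened pattern: the same value is encoded before it reaches the markup.
function renderCommentSafe(comment) {
  return `<li class="comment">${escapeHtml(comment)}</li>`;
}

// A Content Security Policy that forbids inline scripts, so an encoding mistake
// elsewhere does not let an injected <script> tag or event handler execute.
const CONTENT_SECURITY_POLICY =
  "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";

// Session cookie attributes: HttpOnly keeps document.cookie from exposing the token.
// The token value is a placeholder.
const SESSION_COOKIE = 'session=PLACEHOLDER_TOKEN; HttpOnly; Secure; SameSite=Lax; Path=/';

// Constructed sample: a comment containing the classic stored-XSS probe.
const SAMPLE_COMMENT = '<script>alert(1)</script>';

// True when the rendered markup still contains a raw <script> tag, i.e. when the
// browser would treat the comment as code rather than as text.
function containsRawScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log('unsafe:', renderCommentUnsafe(SAMPLE_COMMENT));
console.log('safe:  ', renderCommentSafe(SAMPLE_COMMENT));
console.log('CSP:   ', CONTENT_SECURITY_POLICY);
console.log('cookie:', SESSION_COOKIE);
```

Encoding is context-specific: the entity table above is correct for the HTML body and quoted attributes, but data placed inside a script block or a URL needs the encoder for that context.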
How mr7.ai Helps

KaliGPT can analyze your web application code for XSS vulnerabilities and suggest fixes. Use 0Day Coder to build automated XSS scanners.
