Cross Site Scripting (XSS)

It’s a web security vulnerability where an attacker injects malicious JavaScript into a website, and that script then runs in other users’ browsers.

XSS happens when a web application accepts user input and fails to validate it properly. That input is then used in the resulting web page, where it executes as HTML, JavaScript or any other available resource.

XSS is dangerous because it allows the attacker to steal important information such as cookies, impersonate the user, or read or modify the page content.
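
The difference between unescaped and escaped output in PHP, as an added example that is not part of the original entry. The function names `renderUnsafe`, `e`, `safeHref` and `renderSafe` are hypothetical, and the input values are constructed.

```php
<?php
declare(strict_types=1);

// Constructed sample input, standing in for a value such as $_GET['name'].
$name = '<script>alert(1)</script>';
$link = 'javascript:alert(1)';

// Vulnerable: the input is copied into the page as-is, so the browser
// parses it as markup and runs the script.
function renderUnsafe(string $name): string
{
    return '<p>Hello ' . $name . '</p>';
}

// Escape a value for HTML text and for quoted attribute values.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Escaping alone does not neutralise a javascript: URL, so a link target
// also needs a scheme allow-list. Anything else, including relative or
// malformed URLs, falls back to '#'.
function safeHref(string $url): string
{
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? e($url) : '#';
}

// Hardened: every value is escaped for the context it lands in.
function renderSafe(string $name, string $link): string
{
    return '<p>Hello ' . e($name) . '</p>'
         . '<a href="' . safeHref($link) . '" title="' . e($name) . '">profile</a>';
}

echo renderUnsafe($name), PHP_EOL;
echo renderSafe($name, $link), PHP_EOL;
```

Calling `html_entity_decode` on a value after it has been escaped, and before it is printed, undoes the protection.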

See also "PHP Security 3: XSS and Password Storage" and "What is cross-site scripting (XSS) and how to prevent it?".

Related: Cross Site Request Forgery (CSRF), html_entity_decode, htmlspecialchars, Static Application Security Testing (SAST), Session Hijacking, Vulnerability, Anchor, CSS, Escape Character, Link, HTML Entity