What is Cross-Site Scripting (XSS)?

Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS) is a type of web security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. This can occur when a web application does not properly validate or escape user input.

XSS attacks enable an attacker to steal cookies, session tokens, or other sensitive information, or even perform actions on behalf of the user. There are three main types of XSS: stored, reflected, and DOM-based.

Implementing input validation, output encoding, and content security policies (CSP) can help defend against XSS.