Cross Site Scripting (XSS)

Cross-Site Scripting (XSS) is a type of web security vulnerability that allows an attacker to inject malicious client-side scripts, typically JavaScript, into web pages viewed by other users. This attack occurs when a web application uses input from a user within the output it generates without validating or encoding it, enabling the attacker's script to be executed in the victim's browser as if it were legitimate content from the trusted site. Consequently, the attacker can bypass security controls like the same-origin policy to steal sensitive information such as session cookies, hijack user sessions, deface websites, or redirect users to malicious sites.

  1. Introduction to Cross-Site Scripting
    1. Definition and Core Concepts
      1. Script Injection Fundamentals
        1. Browser Execution Context
          1. Trust Boundary Violations
            1. Client-Side vs Server-Side Processing
            2. Historical Context
              1. Evolution of Web Applications
                1. Early XSS Discoveries
                  1. Timeline of Major Incidents
                  2. XSS in the Modern Threat Landscape
                    1. Industry Impact Assessment
                      1. Regulatory Compliance Considerations

                    Go to top

                    Next

                    2. Web Security Foundations