Cross-Site Scripting
Also known as: XSS
A vulnerability that lets an attacker run JavaScript in another user's browser session on a trusted site.
Cross-site scripting happens when a site includes user-supplied content in a page without properly escaping it, letting an attacker inject <script> tags. The injected code runs with the victim's privileges: reading cookies, making authenticated requests, exfiltrating data.
Defences layer up: output encoding, input validation, HttpOnly cookies, and Content Security Policy. XSS remains one of the most common web vulnerabilities.
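
The following is an added example, not part of the original entry: it renders the same comment without and with output encoding, validates one field against an allow-list, and builds response headers for the HttpOnly and Content Security Policy layers. All function names, the policy string, and the sample values are assumptions constructed for illustration.

```javascript
// Characters that change meaning in HTML text or quoted attribute values.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Output encoding: applied when a value is written into the page.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input validation: allow-list for a field with a known shape (hypothetical rule).
function isValidUsername(name) {
  return typeof name === "string" && /^[A-Za-z0-9_]{3,20}$/.test(name);
}

// Vulnerable form: user-supplied content is concatenated into markup as-is.
function renderCommentUnsafe(author, body) {
  return `<div class="comment"><b>${author}</b>: ${body}</div>`;
}

// Hardened form: reject malformed authors, encode every user-supplied value.
function renderCommentSafe(author, body) {
  if (!isValidUsername(author)) throw new Error("invalid username");
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</div>`;
}

// Remaining layers: HttpOnly keeps the session cookie out of reach of page
// script; the CSP tells the browser to refuse inline and third-party script.
function securityHeaders(sessionId) {
  return {
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'",
    "Set-Cookie": `session=${sessionId}; HttpOnly; Secure; SameSite=Lax; Path=/`,
  };
}

// Constructed sample input containing markup.
const sampleBody = "<script>alert(1)</script>";

console.log("unsafe:", renderCommentUnsafe("mallory", sampleBody));
console.log("safe:  ", renderCommentSafe("mallory", sampleBody));
console.log(securityHeaders("constructed-session-id"));
```

Encoding is the layer that removes the bug; the cookie flag and the policy limit what injected script can do if an unencoded sink is missed elsewhere.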
