Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term XSS Cross Site Scripting

Training Camp • Cybersecurity Glossary

What is XSS Cross Site Scripting?

A type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users.

Glossary > Application & API Security > XSS Cross Site Scripting

Understanding XSS Cross Site Scripting

A type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. Cross-site scripting is a web security vulnerability that allows attackers to inject malicious scripts into websites viewed by users. When successful, XSS attacks can steal session tokens, cookies, and personal data, enable account takeover, perform unauthorized actions on behalf of users, or deliver malware. XSS exists in three main types: reflected, stored, and DOM-based, each with different attack vectors. XSS vulnerabilities are documented in the OWASP Top 10, CWE-79, and various application security standards. Organizations prevent XSS through input validation, output encoding, content security policies, and security testing. For example, an e-commerce website might implement comprehensive XSS protections, including context-aware output encoding for all dynamic content, strict input validation and sanitization, content security policies that restrict script execution to trusted sources, modern browser security headers like X-XSS-Protection, HTTP-only flags for cookies, and regular security testing focused on finding and remediating XSS vulnerabilities before deployment. Related terms: Web security, Client-side attack, JavaScript injection, Input validation, Output encoding, DOM manipulation, Content Security Policy (CSP), Stored XSS, Reflected XSS, DOM-based XSS, Web application security.

Learn More About XSS Cross Site Scripting:

Ready to Get Certified?

Turn knowledge into credentials with our instructor-led cybersecurity boot camps.

View All Courses →