Security Intermediate

What is XSS (Cross-Site Scripting)?

An attack that injects malicious scripts into web pages viewed by other users, potentially stealing data or session tokens.

XSS attacks inject JavaScript into web applications. Stored XSS persists in the database (e.g., in comments). Reflected XSS is embedded in URLs. DOM-based XSS manipulates the client-side document directly.

Prevention includes output encoding (HTML entities), Content Security Policy (CSP) headers, input validation, and using frameworks that auto-escape output. XSS can steal cookies, redirect users, or deface pages.

Learn More About This Topic

SOC Analyst Fundamentals

Related reading

SOC Analyst Advanced: Incident Response & Forensics

Related reading

Ethical Hacking & Penetration Testing

Related reading

Related Terms

SIEM (Security Information and Event Management)

A platform that collects, correlates, and analyzes security events from across an organization to detect threats and incidents.

A systematic examination of an information system to assess compliance with security policies, identify vulnerabilities, and verify controls.

The process of converting readable data into an unreadable format using algorithms, reversible only with the correct key.

A regularly updated list of the ten most critical web application security risks, published by the Open Web Application Security Project.

A one-way function that converts input data into a fixed-size string of characters, used for data integrity and password storage.

Practices and mechanisms for protecting APIs from unauthorized access, data breaches, and abuse.

View All Security Terms →