What is XSS (Cross-Site Scripting)?

An attack that injects malicious scripts into web pages viewed by other users, potentially stealing data or session tokens.

XSS attacks inject attacker-controlled JavaScript into a web application's pages. Stored XSS persists on the server (e.g., in a database-backed comment) and is served to every user who views that content. Reflected XSS is embedded in a URL and echoed back in the response to whoever follows the link. DOM-based XSS manipulates the client-side document directly: client-side script writes untrusted data into the page without the server being involved.

Prevention includes context-aware output encoding (HTML entities), Content Security Policy (CSP) headers, input validation, and using frameworks that auto-escape output. A successful XSS can steal cookies or session tokens, redirect users, or deface pages.
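As an added example (not code from this glossary page), a minimal HTML-entity encoder of the kind the "output encoding" prevention above refers to, applied to a constructed stored comment so the injected tag is rendered as text; the function names and the sample comment are assumptions:

```javascript
// Added example: output encoding for an HTML text context.
// Each character that can open a tag, attribute or entity is replaced by its
// HTML entity, so user-supplied text is rendered as text rather than markup.
const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};

// Encode untrusted text exactly once, at the point it is written into HTML.
// Encoding earlier (e.g. on input) leads to double-encoded output such as
// '&amp;amp;' when the same value is rendered through this function again.
function encodeForHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Build the HTML fragment for one comment. Only the template contributes
// markup; both user-controlled fields pass through encodeForHtml().
function renderComment(author, body) {
  return `<li class="comment"><b>${encodeForHtml(author)}</b>: ${encodeForHtml(body)}</li>`;
}

// Defensive check for a rendered fragment: every '<' that appears must belong
// to one of the template's own tags, never to user input.
function onlyTemplateTags(fragment) {
  const allowed = /^<(\/?)(li|b)(\s[^<>]*)?>$/;
  const tags = fragment.match(/<[^<>]*>/g) || [];
  const noStrayBrackets = fragment.replace(/<[^<>]*>/g, '').indexOf('<') === -1;
  return noStrayBrackets && tags.every((t) => allowed.test(t));
}

// Constructed sample: a stored comment carrying a script tag. Rendered
// unencoded it would execute for every viewer; encoded it is inert text.
const storedComment = '<script>alert(1)</script>';
const rendered = renderComment('mallory', storedComment);
console.log(rendered);
console.log('template-only markup:', onlyTemplateTags(rendered));
```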

Related Terms

Rate Limiting
A technique that controls the number of requests a client can make to a server within a specified time period.
Session Hijacking
An attack where an adversary takes over a legitimate user session by stealing or predicting the session identifier.
WAF (Web Application Firewall)
A security solution that filters and monitors HTTP traffic between a web application and the internet, blocking common attacks.
Two-Factor Authentication (2FA)
A security method requiring two different forms of identification before granting access to an account.
Vulnerability Scanning
Automated testing that identifies known security weaknesses in systems, applications, and network infrastructure.
SQL Injection
An attack where malicious SQL code is inserted into application queries through user input to access or manipulate the database.