๐ŸŽ New User? Get 20% off your first purchase with code NEWUSER20 ยท โšก Instant download ยท ๐Ÿ”’ Secure checkout Register Now โ†’
Menu

Categories

Security Intermediate

What is XSS (Cross-Site Scripting)?

An attack that injects malicious scripts into web pages viewed by other users, potentially stealing data or session tokens.

XSS attacks inject attacker-controlled JavaScript into web applications so that it runs in other users' browsers. Stored XSS persists on the server (e.g., in comments) and is served to every visitor who views the affected page. Reflected XSS is carried in a request, typically a URL parameter, and echoed back unescaped in the response. DOM-based XSS occurs entirely in the browser, when client-side script writes untrusted data into the document (the DOM) without the server ever emitting the payload.

A successful XSS attack can steal cookies and session tokens, redirect users, or deface pages. Prevention includes context-appropriate output encoding (HTML entities for text and attribute contexts), Content Security Policy (CSP) headers, input validation, and using frameworks that auto-escape output.
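As an added example (not code from this glossary), the output-encoding defence in JavaScript: a stored comment rendered straight into markup beside the same template with HTML-entity encoding applied. The function names and the sample comment are constructed for illustration.

```javascript
// Added example: HTML-entity output encoding for untrusted text.
// encodeHtml, renderCommentUnsafe and renderCommentSafe are illustrative
// names chosen here, not part of any library.

// Encode the five characters that let untrusted text break out of an
// HTML text context or a quoted attribute value.
function encodeHtml(input) {
  const map = {
    "&": "&amp;",
    "<": "&lt;",
    ">": "&gt;",
    '"': "&quot;",
    "'": "&#39;",
  };
  return String(input).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable rendering (the stored-XSS shape): the comment text is
// concatenated into markup as-is, so any tags in it become live HTML.
function renderCommentUnsafe(comment) {
  return `<li class="comment">${comment}</li>`;
}

// Hardened rendering: identical template, but the value is entity-encoded
// for the HTML text context it lands in, so the browser shows it literally.
function renderCommentSafe(comment) {
  return `<li class="comment">${encodeHtml(comment)}</li>`;
}

// Constructed sample of a malicious comment (not real data).
const SAMPLE_COMMENT = "<script>alert(1)</script>";

// Returns true when the rendered markup still contains an executable
// script tag, i.e. the encoding step was skipped.
function rendersLiveScript(markup) {
  return /<script\b/i.test(markup);
}
```

In a browser, the DOM-based equivalent of this choice is assigning untrusted data to `textContent` rather than `innerHTML`; the former never parses the value as markup.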

Related Terms

Security Hardening
The process of reducing a system's attack surface by disabling unnecessary services, applying patches, and configuring security controls.
SIEM (Security Information and Event Management)
A platform that collects, correlates, and analyzes security events from across an organization to detect threats and incidents.
Penetration Testing
An authorized simulated cyberattack on a system to evaluate its security defenses and identify vulnerabilities.
WAF (Web Application Firewall)
A security solution that filters and monitors HTTP traffic between a web application and the internet, blocking common attacks.
Security Headers
HTTP response headers that instruct browsers to enable security features like XSS protection, framing prevention, and content type enforcement.
Phishing
A social engineering attack that uses fraudulent communications to trick people into revealing sensitive information or installing malware.