Cross-Site Scripting (XSS)

Category: science

A vulnerability in which a threat actor injects malicious client-side script into a trusted website so that it runs in other users' browsers.

XSS occurs when an application includes untrusted data in a web page without proper output encoding or sanitization. Because the injected script runs in the victim's browser under the trusted site's origin, it can potentially steal active session cookies and authentication tokens, or record keystrokes.

Common Examples

  • We updated our frontend Content Security Policy to block inline scripts, effectively closing the XSS vector.
  • A stored XSS vulnerability can allow attackers to distribute malicious tracking scripts to every user who views the affected profile page.
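The following is an added example, not code from the original glossary entry. It shows the mechanism described above in miniature: a stored profile "bio" rendered once by string concatenation (untrusted data placed straight into markup) and once through HTML output encoding, plus a Content Security Policy value of the kind the first example sentence refers to. The function names, the wrapper markup and the sample bio are all constructed for the illustration.

```javascript
// Added example (not from the original page): a profile "bio" field rendered
// two ways. Function names, markup and the sample payload are constructed.

// Encode the five characters that let text break out of an HTML text node
// or a double-quoted attribute value.
function escapeHtml(untrusted) {
  return String(untrusted)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable: untrusted data is concatenated directly into the page markup,
// so a bio containing a <script> tag becomes a real script element.
function renderBioUnsafe(bio) {
  return `<div class="bio">${bio}</div>`;
}

// Hardened: the same data is output-encoded for the HTML text context, so
// the browser shows the characters as text instead of parsing them as markup.
function renderBioSafe(bio) {
  return `<div class="bio">${escapeHtml(bio)}</div>`;
}

// Small check used in the demo below: does a rendered fragment contain any
// element other than the wrapper <div> the template intended?
function containsInjectedTag(html) {
  const tags = html.match(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g) || [];
  return tags.some((t) => !/^<\/?div$/i.test(t));
}

// A Content-Security-Policy header value that disallows inline script: only
// scripts from the page's own origin (and, optionally, scripts carrying a
// per-response nonce) may execute. Without 'unsafe-inline', an injected
// <script> block is blocked by the browser even if the encoding bug exists.
function buildCsp(nonce) {
  const scriptSrc = nonce ? `'self' 'nonce-${nonce}'` : "'self'";
  return `default-src 'self'; script-src ${scriptSrc}; object-src 'none'; base-uri 'self'`;
}

// Constructed sample: a stored bio that contains a script tag.
const SAMPLE_BIO = "Hi there! <script>alert(1)</script>";

// Demo: the unsafe render produces an extra element, the safe one does not.
console.log("unsafe:", renderBioUnsafe(SAMPLE_BIO),
            "injected tag:", containsInjectedTag(renderBioUnsafe(SAMPLE_BIO)));
console.log("safe:  ", renderBioSafe(SAMPLE_BIO),
            "injected tag:", containsInjectedTag(renderBioSafe(SAMPLE_BIO)));
console.log("CSP:   ", buildCsp("r4nd0m"));
```

Output encoding must match the context the data lands in (HTML text, attribute, URL, JavaScript); `escapeHtml` above covers only the HTML text and quoted-attribute contexts. The CSP is a second, independent layer: it limits the damage when an encoding mistake slips through, but it does not replace encoding.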

AvoCoLab – Community, News & Market Intelligence