</>
ProtocolCodes
Security

XSS (Cross-Site Scripting)

A security vulnerability where attackers inject malicious scripts into web pages viewed by other users. Stored XSS persists in the database, reflected XSS bounces off the server in the response, and DOM-based XSS manipulates client-side JavaScript. XSS can steal session cookies, redirect users, or deface websites. Defenses include output encoding, Content Security Policy (CSP) headers, and HttpOnly cookies.

Related Protocols

HTTP

See Also

Cookie HTTP Concepts
CSRF (Cross-Site Request Forgery) Security
SQL Injection Security
CSP (Content Security Policy) Security
Clickjacking Security
← Back to Glossary