Security
What is XSS (Cross-Site Scripting)?
Definition
XSS (Cross-Site Scripting) is a web security vulnerability in which an attacker gets a browser to execute attacker-controlled JavaScript in the context of a site the victim trusts, usually because the site copies untrusted input into a page without encoding it. Because the script runs under the vulnerable site's origin, the same-origin policy treats it as the site's own code: it can read and modify the DOM, read localStorage and any cookie not marked HttpOnly, and send requests that carry the victim's session. XSS is commonly classified as reflected (the payload arrives in the current request and is echoed back), stored (the payload is saved server-side and served to other users later) or DOM-based (client-side script writes untrusted data into a dangerous sink such as innerHTML, with no server involvement).
Why It Matters
XSS has appeared in every edition of the OWASP Top 10, as its own category through 2017 and folded into the Injection category since 2021. A successful attack can steal session tokens, perform actions as the logged-in user, redirect victims to phishing pages, and rewrite page content. The primary defence is context-aware output encoding: escape data for the context it lands in (HTML body, attribute value, JavaScript string, URL) at the moment it is written into the page, or use a templating engine or DOM API (textContent rather than innerHTML) that does this by default. Content Security Policy (CSP) is a second layer that limits what an injected script can do, for example by allowing only scripts carrying a per-response nonce; marking session cookies HttpOnly keeps them out of reach of document.cookie. Input validation can reject obviously malformed data but cannot replace output encoding, because the same value may be harmless in one context and dangerous in another.