Cross-Site Scripting (XSS) vulnerabilities occur when applications include untrusted data in web pages without proper validation or escaping, allowing attackers to execute malicious scripts in users browsers.
Cross-Site Scripting (XSS) Overview
Reflected XSS
Stored XSS
DOM-based XSS
XSS in JavaScript Frameworks
XSS in HTML Attributes
XSS in URLs
Content Security Policy (CSP)
XSS in JSON Responses
XSS in Template Engines
XSS Prevention Checklist