XSS

acronym

web devsecurity

Stands for: Cross-Site Scripting

An attack that injects malicious script into a web page so it runs in other users' browsers.

Cross-Site Scripting exploits a page that reflects or stores untrusted input without escaping it, letting an attacker's JavaScript run with the victim's session. Output encoding and a Content Security Policy are the standard defences; it is a perennial OWASP Top 10 entry.

Also known as: xss, cross-site scripting, cross site scripting

All glossary entries