Via OWASP:

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

How to Test for Cross-site scripting Vulnerabilities

See the latest OWASP Testing Guide article on how to test for the various kinds of XSS vulnerabilities.

Leave a Reply

Your email address will not be published.