Cross-Site Scripting (XSS) Cheat Sheet. XSS - What Is Cross-Site Scripting? Cross-Site Scripting (also known as XSS) is one of the most common application-layer web attacks. XSS vulnerabilities target scripts embedded in a page that are executed on the client-side (in the user’s web browser) rather than on the server-side. XSS in itself is a threat that is brought about by the internet security weaknesses of client-side scripting languages, such as HTML and JavaScript.
The concept of XSS is to manipulate client-side scripts of a web application to execute in the manner desired by the malicious user. Such a manipulation can embed a script in a page that can be executed every time the page is loaded, or whenever an associated event is performed. XSS is the most common security vulnerability in software today.
Key Concepts of XSS XSS is a web-based attack performed on vulnerable web applications.In XSS attacks, the victim is the user and not the application.In XSS attacks, malicious content is delivered to users using JavaScript.