Cross-site scripting (XSS)

March 22, 2016

What is Cross-site scripting?

With many potential attack vectors, cross-site scripting (XSS) is a widespread vulnerability that affects a large number of sites. Check out this list of our XSS resources to learn more about the vulnerability and stay up to date with alerts.

Cross-site Scripting (XSS)


Our OWASP TOP 10 posts offer an insight into each of the 10 vulnerability types on OWASP’s list. We describe the vulnerabilities, the impact they can have, and highlight well-known examples of events involving them. Of course, we also explain how to discover these vulnerabilities, providing code examples and helpful remediation tips.

OWASP TOP 10: Cross-site Scripting – XSS (#3)

Cross-site scripting is a type of attack that can be carried out to compromise users of a website. Exploiting an XSS flaw enables the attacker to inject client-side scripts into web pages viewed by users. It is often assumed that XSS only occurs in JavaScript, but it can also involve other client-side scripting languages, e.g. VBScript.


The basics of Cross-site Scripting (XSS)

Read about the different types of Cross-site scripting and the impact they can have on your site and its users.

What is Cross-site Scripting and how can you fix it?

If you’re looking for Cross-site Scripting examples complete with solutions, this blog post is for you!

First Encounters Through the Eyes of the Detectify Scanner

XSS is one of the top four critical vulnerabilities on websites we scan. To find out how we discover vulnerabilities and get an insight into how our scanner works, take a look behind the scenes with our data scientist Andrea Palaia.


How I hacked Facebook and received a $3,500 USD Bug Bounty

Read our knowledge advisor Frans Rosén’s account of how he discovered and reported a stored XSS on Facebook.


[Alert] Stored XSS in WordPress Plugin Jetpack
[Alert] New WordPress XSS Vulnerability Discovered


For more XSS-related content, check out our Labs blog where we publish technical write-ups and examples of various exploits.

Finding an XSS in an HTML-based Android application
How to: Exploit an XSS
XSS Where You Least Expect It