Cross-site scripting (XSS)

GPTKB entity

Statements (33)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:security |
| gptkbp:abbreviation | gptkb:XSS |
| gptkbp:affects | web applications |
| gptkbp:allows | attacker to inject malicious scripts |
| gptkbp:can_be_exploited_by | automated bots |
| | malicious users |
| gptkbp:category | client-side attack |
| | injection attack |
| gptkbp:cause | phishing attacks |
| | data theft |
| | website defacement |
| | session hijacking |
| gptkbp:detects | web application scanners |
| gptkbp:exploits | trust of user in website |
| | trust of website in user input |
| gptkbp:firstDescribed | 2000 |
| gptkbp:listedOn | gptkb:OWASP_Top_10 |
| gptkbp:mitigatedBy | input sanitization |
| | HTTPOnly cookies |
| | escaping special characters |
| | using secure frameworks |
| gptkbp:prevention | gptkb:Content_Security_Policy |
| | input validation |
| | output encoding |
| gptkbp:relatedTo | gptkb:cross-site_request_forgery_(CSRF) |
| | SQL injection |
| gptkbp:target | user browsers |
| gptkbp:type | gptkb:DOM-based_XSS |
| | gptkb:reflected_XSS |
| | stored XSS |
| gptkbp:bfsParent | gptkb:HTML_Forms |
| gptkbp:bfsLayer | 5 |
| https://www.w3.org/2000/01/rdf-schema#label | Cross-site scripting (XSS) |