cross-site scripting (XSS)

GPTKB entity

Statements (52)
Predicate Object
gptkbp:instanceOf gptkb:security
gptkbp:abbreviation gptkb:XSS
gptkbp:affects web applications
gptkbp:allows attacker to inject malicious scripts
gptkbp:can_be_exploited_by automated bots
    malicious users
gptkbp:canBe gptkb:man-in-the-browser_attacks
    social engineering
    credential theft
    spamming
    drive-by downloads
    keylogging
    browser exploitation
    browser fingerprinting
    bypassing access controls
    bypassing same-origin policy
    clickjacking
    defacing websites
    exfiltrating data
    exploiting browser vulnerabilities
    injecting advertisements
    installing browser extensions
    modifying web content
    redirecting users
    session fixation
    spreading worms
    stealing authentication tokens
    tracking users
gptkbp:cause phishing attacks
    malware distribution
    session hijacking
    defacement of websites
    theft of cookies
gptkbp:detects web application scanners
gptkbp:exploits trust of user in website
gptkbp:firstDescribed 2000
https://www.w3.org/2000/01/rdf-schema#label cross-site scripting (XSS)
gptkbp:listedOn gptkb:OWASP_Top_10
gptkbp:mitigatedBy input sanitization
    HTTPOnly cookies
    escaping special characters
    output sanitization
    using secure frameworks
gptkbp:prevention gptkb:Content_Security_Policy
    input validation
    output encoding
gptkbp:target web browsers
gptkbp:type gptkb:DOM-based_XSS
    gptkb:reflected_XSS
    stored XSS
gptkbp:bfsParent gptkb:Web_Storage
gptkbp:bfsLayer 5