Cross-site scripting (XSS)

A vulnerability in which the software does not neutralize, or incorrectly neutralizes, user-controllable input before placing it in output that is used as a web page served to other users.

This is typically abbreviated as XSS because the abbreviation CSS usually refers to Cascading Style Sheets.

Source: https://cwe.mitre.org/data/definitions/79.html

Last modified February 11, 2025: Add Cross-site Scripting (1d7b515)