Cross Site Scripting (XSS) on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.

Learn about cross-site scripting, its different varieties, and how to prevent these vulnerabilities.

Dec 15, 2025 · A cross-site scripting (XSS) attack is one in which an attacker is able to get a target site to execute malicious code as though it was part of the website.

Cross-site scripting (XSS) [a] is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by …

A curated list of common and advanced Cross-Site Scripting (XSS) payloads for penetration testing, bug bounty hunting, and web application security research. Useful for learning, practicing, and au...

Nov 25, 2025 · Cross-Site Scripting (XSS) is a vulnerability in a web application that allows a third party to execute a script in the user's browser on behalf of the web application.

What is cross-site scripting? Cross-site scripting (XSS) is an exploit where the attacker attaches code onto a legitimate website that will execute when the victim loads the website. That malicious code …

May 9, 2025 · Comprehensive guide to Cross-Site Scripting (XSS) with practical examples, explaining its concept, risks, and preventive measures for web application security.

May 22, 2026 · Interactive cross-site scripting (XSS) cheat sheet for 2026, brought to you by PortSwigger. Actively maintained, and regularly updated with new vectors.

Comprehensive XSS cheat sheet with 60+ payloads for reflected, stored, and DOM-based cross-site scripting. Filter bypass, event handlers, polyglots, and encoding tricks.