Cross-site Scripting (XSS) - Generic (CWE-79)

XSS (Cross-Site Scripting) Cheatsheet

March 14, 2026

53 views

Cheatsheet Summary

Master Cross-Site Scripting (XSS), including injection techniques, common attack vectors, WAF evasion methods, and advanced Content Security Policy (CSP) bypass techniques.

Understanding Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS) is a prevalent web security vulnerability that enables attackers to manipulate the interactions users have with a compromised web application. By exploiting XSS, attackers can bypass the same-origin policy, which is designed to isolate different websites from one another. This vulnerability can grant attackers access to sensitive data, and if the targeted user has elevated privileges within the application, the attacker could gain complete control over the application's functionality and data.

Execution Contexts

The success of an XSS attack largely depends on the context in which the malicious payload is injected. Below are common execution contexts and strategies for effective payload injection:

Context	Input Situation	Injection Strategy	Example Payload

Identification Required

You must be logged in to read this cheatsheet. Join our community of researchers today.

Sign In Register

Related Cheatsheets

pyus3r

Cross-Site Scripting (XSS) Cheat Sheet

This cheat sheet covers: - Reflected XSS: Payloads reflected in the immediate response. - Stored XSS: Payloads persisted in the database. - DOM-based XSS: Payloads executed via client-side JavaScript. - Framework-specific XSS: Exploiting template engines like AngularJS. - Bypass Techniques: WAF evasion and encoding.

LogicalBreach Academy