XSS (Cross-Site Scripting) Cheatsheet
Vulnerability Summary
Master Cross-Site Scripting (XSS), including injection techniques, common attack vectors, WAF evasion methods, and advanced Content Security Policy (CSP) bypass techniques.
Understanding Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS) is a prevalent web security vulnerability that enables attackers to manipulate the interactions users have with a compromised web application. By exploiting XSS, attackers can bypass the same-origin policy, which is designed to isolate different websites from one another. This vulnerability can grant attackers access to sensitive data, and if the targeted user has elevated privileges within the application, the attacker could gain complete control over the application's functionality and data.
Execution Contexts
The success of an XSS attack largely depends on the context in which the malicious payload is injected. Below are common execution contexts and strategies for effective payload injection:
| Context | Input Situation | Injection Strategy | Example Payload |
|---|
