Cross-Site Scripting (XSS)
==========================

A vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.

Tags: vulnerability, injection, browser security

Cross-site scripting (XSS) is a type of injection attack where malicious scripts are injected into otherwise trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. There are three main types: Stored XSS (persisted in the database), Reflected XSS (included in the HTTP response), and DOM-based XSS (executed through client-side JavaScript).

XSS can be used to steal session cookies, redirect users to malicious sites, deface web pages, or perform actions on behalf of authenticated users. Modern frameworks provide some built-in protection, but edge cases in template rendering and client-side routing continue to create XSS opportunities.
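The reflected case and one of the encoding edge cases mentioned above, as an added example (not APVISO code): a server-rendered search page that echoes its query string, first unencoded and then with encoding chosen per output context. All function names, the placeholder base URL and the sample inputs are constructed for illustration.

```javascript
// Added example: reflected XSS in a server-rendered page, beside a hardened form.
// Function names and inputs are hypothetical; nothing here is APVISO's code.

// Vulnerable: the query string is concatenated into the HTML unchanged,
// so markup in `q` becomes markup in the response.
function renderVulnerable(q) {
  return `<p>Results for ${q}</p>`;
}

// Encode for HTML element content and quoted attribute values.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// URL attributes also need a scheme allowlist: HTML encoding alone leaves
// "javascript:..." intact because it contains no HTML metacharacters.
// Parsing with the WHATWG URL class applies the same whitespace and control
// character stripping a browser does before it reads the scheme.
function safeHref(u) {
  try {
    // The base is a placeholder so relative links such as "/page/2" parse.
    const parsed = new URL(u, 'https://example.invalid/');
    if (parsed.protocol === 'http:' || parsed.protocol === 'https:') {
      return escapeHtml(u);
    }
  } catch (_) {
    // Unparsable input falls through to the inert default below.
  }
  return '#';
}

// Hardened: each value is encoded for the context it lands in
// (element content for `q`, a quoted URL attribute for `next`).
function renderSafe(q, next) {
  return `<p>Results for ${escapeHtml(q)}</p><a href="${safeHref(next)}">Next</a>`;
}
```

The same split applies to stored XSS, where the untrusted value comes from the database instead of the request; DOM-based XSS needs the equivalent discipline in client-side code, for example assigning to `textContent` rather than `innerHTML`.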

How APVISO tests for this: APVISO tests for all three XSS variants using context-aware payload generation. The pentester agent understands HTML contexts (attribute values, script blocks, event handlers) and generates payloads that bypass common WAF rules and framework-level sanitization.

Related Terms
-------------

- [OWASP Top 10](/glossary/owasp-top-10)
- [SQL Injection](/glossary/sql-injection)
- [Clickjacking](/glossary/clickjacking)

