Cyber Security Academy · Lesson

Cross-Site Scripting (XSS)

Explore reflected, stored, and DOM-based XSS with real payloads and CSP mitigations.

What is XSS?

Cross-Site Scripting (XSS) occurs when an attacker injects malicious JavaScript into a web page viewed by other users. The browser executes the script in the context of the victim's session, enabling cookie theft, keylogging, and page manipulation.

Reflected XSS

Reflected XSS (non-persistent): the malicious script is included in the request (e.g., a URL parameter) and reflected in the response. The victim must click a crafted link. Example: https://site.com/search?q=<script>alert(1)</script>
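
The example URL above, run through a search handler that reflects the q parameter, first without and then with HTML output encoding. This is an added example, not code from the lesson; the function names, the page template and the CSP value are assumptions made for illustration.

```javascript
// Constructed sample request: the example URL from the lesson text.
const sample = 'https://site.com/search?q=<script>alert(1)</script>';

// Read the q parameter as a server framework would (percent-decoded).
function getQuery(requestUrl) {
  return new URL(requestUrl).searchParams.get('q') || '';
}

// HTML-encode the characters that can change the parsing context in
// element content and in quoted attribute values.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the decoded parameter is concatenated into the response,
// so the browser parses it as markup.
function renderSearchVulnerable(requestUrl) {
  return `<h1>Results for ${getQuery(requestUrl)}</h1>`;
}

// Hardened: the same value is encoded for the HTML context on output,
// so the browser renders it as text.
function renderSearchSafe(requestUrl) {
  return `<h1>Results for ${escapeHtml(getQuery(requestUrl))}</h1>`;
}

// Defence in depth (assumed policy): with this response header the browser
// refuses inline <script> blocks even if one reaches the page.
const CSP_HEADER = "Content-Security-Policy: default-src 'self'; script-src 'self'";

// Check for tests or response review: true when a parameter containing
// markup characters appears in the body exactly as it was sent.
function reflectsUnencoded(requestUrl, body) {
  const q = getQuery(requestUrl);
  return /[<>"']/.test(q) && body.includes(q);
}

console.log(renderSearchVulnerable(sample));
console.log(renderSearchSafe(sample));
console.log(CSP_HEADER);
```

reflectsUnencoded can be used as a regression test for any handler that echoes request parameters: it should return false for every response the application produces.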
