RepairYour.Tech
security en

Cross-site scripting

security

Also called: XSS

Plain-language definition

Plain-language definition

An injection flaw that makes untrusted script run in another user’s browser.

Why it matters

XSS can steal data, act as the user, or alter what the site displays.

Technical detail

Cross-site scripting occurs when untrusted content reaches an executable HTML or script context without context-appropriate encoding, sanitization, or policy controls.

Examples

  • An unsanitized listing description injects a script into the marketplace page.

Sources and review

Reviewed July 12, 2026 by e2e-1783854138445-0citu53rtqqe@test.repairyour.tech. Next review due January 11, 2027.

  1. Cross Site Scripting — OWASP Foundation Accessed 7/11/2026

See something we should improve?

Suggest a correction to “Cross-site scripting.” Suggestions are reviewed before the published definition changes.

Press ? for shortcuts