Safeguard
Tag

cross-site-scripting

Safeguard articles tagged "cross-site-scripting" — guides, analysis, and best practices for software supply chain and application security.

15 articles

Vulnerability Guides

Cross-Site Scripting (XSS): A Prevention Guide

XSS lets an attacker run their JavaScript in your users' browsers — stealing sessions, rewriting pages, and pivoting to account takeover. This guide covers the three XSS types and the defenses that actually hold.

Jul 1, 20265 min read
Vulnerability Analysis

What is Cross-Site Scripting (XSS)

XSS lets attackers inject malicious JavaScript into trusted pages. Learn how stored, reflected, and DOM-based XSS work, real breaches, and defenses.

Apr 1, 20267 min read
Vulnerability Analysis

What is Output Encoding

Output encoding neutralizes untrusted data before it reaches a browser or database -- the last line of defense against XSS, and most teams still get it wrong.

Jan 28, 20267 min read
Vulnerability Analysis

Cross-site scripting (XSS) explained for developers

XSS has topped vulnerability lists for two decades. Here's how reflected, stored, and DOM-based XSS actually work, real incidents, and how to fix them.

Dec 14, 20257 min read
Vulnerability Analysis

CVE-2020-11023: XSS in jQuery option/script tag handling

CVE-2020-11023 let untrusted HTML with option tags bypass sanitization in jQuery's DOM methods, enabling XSS. Here's the fix, timeline, and remediation.

Oct 15, 20258 min read
Vulnerability Analysis

CVE-2015-9251: jQuery cross-domain AJAX XSS

CVE-2015-9251 lets attackers exploit jQuery's cross-domain AJAX handling to run arbitrary script. Learn affected versions, risk context, and fixes.

Oct 15, 20257 min read
Vulnerabilities

DOM-Based XSS: Finding and Fixing Client-Side Injection

DOM XSS never touches your server, so response scanners miss it. Here is how to trace sources to sinks in client code and shut the flaw down.

Aug 14, 20255 min read
Vulnerabilities

Stored XSS: Why Persistent Injection Hurts Most

Stored XSS saves the attacker's script server-side and serves it to everyone. Here is why persistent injection is the most damaging XSS variant and how to stop it.

Jun 3, 20256 min read
Vulnerabilities

XSS Examples: Real Payloads and How They Execute

Concrete XSS examples across HTML, attribute, and JavaScript contexts, with the payloads that trigger them and why each one runs.

Apr 22, 20256 min read
Vulnerabilities

CVE-2011-4969: The jQuery XSS Bug, a Decade Later

CVE-2011-4969 is a cross-site scripting flaw in jQuery versions before 1.6.3, triggered by unsanitized attribute-selector input — it's a small, old bug, but the reasons it lingered in codebases for years are still relevant.

Nov 19, 20245 min read
Vulnerabilities

XSS Scripting Attacks: A Refresher for Engineers

XSS scripting attacks still make the OWASP Top 10 more than two decades after they were first documented, mostly because the fix is context-dependent and easy to get almost-right.

Aug 21, 20245 min read
Vulnerabilities

What Is XSS? Cross-Site Scripting Full Form and Basics

XSS is short for cross-site scripting, a vulnerability that lets attackers run malicious scripts in a victim's browser. Here's how it works, its three main types, and how it's actually caught.

May 14, 20245 min read
cross-site-scripting — Safeguard Blog