xss
Safeguard articles tagged "xss" — guides, analysis, and best practices for software supply chain and application security.
32 articles
OWASP A03: Injection Explained — A Deep-Dive Guide
Injection ranks #3 in the OWASP Top 10 (2021) and now includes XSS. A deep dive into SQLi, command injection, real CVEs, and how to detect and fix it in 2026.
Cross-Site Scripting (XSS): A Prevention Guide
XSS lets an attacker run their JavaScript in your users' browsers — stealing sessions, rewriting pages, and pivoting to account takeover. This guide covers the three XSS types and the defenses that actually hold.
GitHub Copilot code security: XSS vulnerabilities found in React
Copilot commonly suggests dangerouslySetInnerHTML and unsanitized DOM writes in React. Here's the data on AI-generated XSS risk and how to catch it.
AngularJS security fundamentals
AngularJS has been unpatched since January 2022, yet it still runs in production. Here's the CVE history, the sandbox saga, and how to find your exposure.
What is Cross-Site Scripting (XSS)
XSS lets attackers inject malicious JavaScript into trusted pages. Learn how stored, reflected, and DOM-based XSS work, real breaches, and defenses.
Secure Patterns for LLM Output Handling in 2026
LLM02 on the OWASP LLM Top 10 keeps quietly producing incidents because downstream systems trust model outputs they should not. Concrete patterns that hold up.
How Attackers Use JavaScript: Common Client-Side Attack Techniques
Using JavaScript for hacking rarely means writing exotic exploits — it means abusing the same DOM APIs, event handlers, and third-party scripts every legitimate site relies on.
Jinja2 xmlattr filter XSS (CVE-2024-22195)
CVE-2024-22195 lets attacker-controlled dict keys bypass Jinja2's xmlattr escaping for XSS. Learn affected versions, CVSS/EPSS context, and fixes.
Cross-site scripting (XSS) explained for developers
XSS has topped vulnerability lists for two decades. Here's how reflected, stored, and DOM-based XSS actually work, real incidents, and how to fix them.
CVE-2020-7676: XSS in vue-template-compiler
CVE-2020-7676 is an XSS flaw in vue-template-compiler (pre-2.6.12) that lets attacker-controlled templates bypass URI sanitization. Impact, fix, and remediation.
CVE-2020-27783: Cross-site scripting bypass in lxml html ...
CVE-2020-27783 lets attackers bypass lxml's html.clean.Cleaner sanitizer to smuggle XSS past HTML cleaning. Here's what's affected and how to remediate it.
jQuery 3.6.0 Vulnerabilities: What Is Actually Exploitable
Scanners keep flagging jQuery 3.6.0 as vulnerable — but jQuery core in that version has no known direct CVEs. Here is what the alerts really mean and where the exploitable risk actually lives.