Safeguard
Tag

xss

Safeguard articles tagged "xss" — guides, analysis, and best practices for software supply chain and application security.

32 articles

Security Guides

OWASP A03: Injection Explained — A Deep-Dive Guide

Injection ranks #3 in the OWASP Top 10 (2021) and now includes XSS. A deep dive into SQLi, command injection, real CVEs, and how to detect and fix it in 2026.

Jul 2, 20266 min read
Vulnerability Guides

Cross-Site Scripting (XSS): A Prevention Guide

XSS lets an attacker run their JavaScript in your users' browsers — stealing sessions, rewriting pages, and pivoting to account takeover. This guide covers the three XSS types and the defenses that actually hold.

Jul 1, 20265 min read
AI Security

GitHub Copilot code security: XSS vulnerabilities found in React

Copilot commonly suggests dangerouslySetInnerHTML and unsanitized DOM writes in React. Here's the data on AI-generated XSS risk and how to catch it.

Jun 13, 20267 min read
Application Security

AngularJS security fundamentals

AngularJS has been unpatched since January 2022, yet it still runs in production. Here's the CVE history, the sandbox saga, and how to find your exposure.

May 26, 20267 min read
Vulnerability Analysis

What is Cross-Site Scripting (XSS)

XSS lets attackers inject malicious JavaScript into trusted pages. Learn how stored, reflected, and DOM-based XSS work, real breaches, and defenses.

Apr 1, 20267 min read
Application Security

Secure Patterns for LLM Output Handling in 2026

LLM02 on the OWASP LLM Top 10 keeps quietly producing incidents because downstream systems trust model outputs they should not. Concrete patterns that hold up.

Mar 4, 20265 min read
AppSec

How Attackers Use JavaScript: Common Client-Side Attack Techniques

Using JavaScript for hacking rarely means writing exotic exploits — it means abusing the same DOM APIs, event handlers, and third-party scripts every legitimate site relies on.

Feb 10, 20266 min read
Vulnerability Analysis

Jinja2 xmlattr filter XSS (CVE-2024-22195)

CVE-2024-22195 lets attacker-controlled dict keys bypass Jinja2's xmlattr escaping for XSS. Learn affected versions, CVSS/EPSS context, and fixes.

Dec 26, 20257 min read
Vulnerability Analysis

Cross-site scripting (XSS) explained for developers

XSS has topped vulnerability lists for two decades. Here's how reflected, stored, and DOM-based XSS actually work, real incidents, and how to fix them.

Dec 14, 20257 min read
Vulnerability Analysis

CVE-2020-7676: XSS in vue-template-compiler

CVE-2020-7676 is an XSS flaw in vue-template-compiler (pre-2.6.12) that lets attacker-controlled templates bypass URI sanitization. Impact, fix, and remediation.

Oct 10, 20257 min read
Vulnerability Analysis

CVE-2020-27783: Cross-site scripting bypass in lxml html ...

CVE-2020-27783 lets attackers bypass lxml's html.clean.Cleaner sanitizer to smuggle XSS past HTML cleaning. Here's what's affected and how to remediate it.

Oct 2, 20257 min read
Vulnerabilities

jQuery 3.6.0 Vulnerabilities: What Is Actually Exploitable

Scanners keep flagging jQuery 3.6.0 as vulnerable — but jQuery core in that version has no known direct CVEs. Here is what the alerts really mean and where the exploitable risk actually lives.

May 7, 20256 min read
xss (Page 2) — Safeguard Blog