security en
Cross-site scripting
security
Also called: XSS
Plain-language definition
Plain-language definition
An injection flaw that makes untrusted script run in another user’s browser.
Why it matters
XSS can steal data, act as the user, or alter what the site displays.
Technical detail
Cross-site scripting occurs when untrusted content reaches an executable HTML or script context without context-appropriate encoding, sanitization, or policy controls.
Examples
- An unsanitized listing description injects a script into the marketplace page.
Related terms
Sources and review
Reviewed July 12, 2026 by [email protected]. Next review due January 11, 2027.
- Cross Site Scripting — OWASP Foundation Accessed 7/11/2026
See something we should improve?
Suggest a correction to “Cross-site scripting.” Suggestions are reviewed before the published definition changes.