What is Cross-Site Scripting (XSS)?

Updated May 6, 2026

Short answer

XSS allows attackers to inject malicious scripts into web pages viewed by other users.

Deep explanation

XSS occurs when user input is included in a page without being properly sanitized, which allows it to execute as script in victims' browsers. Types include stored, reflected, and DOM-based XSS.

Real-world example

A comment section where a submitted comment injects JavaScript that steals other users' cookies.
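The comment-section case above, as an added example (not code from the original page): the same stored comment rendered by plain string concatenation and by a renderer that HTML-encodes every user-controlled field at output. The function names, the sample comment, and the choice of output encoding as the defense are assumptions made for illustration.

```javascript
// Added example; all names and the sample comment are constructed.

// Characters that can change the HTML parsing context, mapped to entities.
const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode untrusted text for an HTML element body or a quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable: user-controlled fields are concatenated into markup as-is.
function renderCommentUnsafe(comment) {
  return `<li class="comment"><b>${comment.author}</b>: ${comment.body}</li>`;
}

// Hardened: every user-controlled field is encoded at the point of output.
function renderCommentSafe(comment) {
  return `<li class="comment"><b>${escapeHtml(comment.author)}</b>: ` +
         `${escapeHtml(comment.body)}</li>`;
}

// Review/test helper: true if the fragment contains a live <script> tag or
// an inline event-handler attribute, which a comment must never introduce.
function containsActiveMarkup(html) {
  return /<script\b/i.test(html) || /<[^>]+\son\w+\s*=/i.test(html);
}

// Constructed stored comment with a harmless marker payload.
const storedComment = {
  author: 'mallory',
  body: 'Nice post! <script>alert(1)</script>',
};

for (const render of [renderCommentUnsafe, renderCommentSafe]) {
  const html = render(storedComment);
  console.log(`${render.name}: active markup = ${containsActiveMarkup(html)}`);
  console.log(`  ${html}`);
}
```

This encoding is only correct for HTML element content and quoted attribute values; data placed inside a script block, a URL, or CSS needs encoding specific to that context.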

Common mistakes

  • Trusting user input without sanitization.

Follow-up questions

  • How to prevent XSS?
  • Difference between stored and reflected XSS?
