From bb0482dda5d0a2bdf4b692ddb358908ba44dcf5e Mon Sep 17 00:00:00 2001 From: DanSmith8011 Date: Thu, 6 Nov 2025 19:32:39 +0000 Subject: [PATCH] Add Cross-Site Scripting (XSS) entry --- content/x/cross-site-scripting/index.md | 60 +++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 content/x/cross-site-scripting/index.md diff --git a/content/x/cross-site-scripting/index.md b/content/x/cross-site-scripting/index.md new file mode 100644 index 00000000000..3351b5c56ee --- /dev/null +++ b/content/x/cross-site-scripting/index.md @@ -0,0 +1,60 @@ + +cat > content/x/cross-site-scripting/index.md + + + +--- +Title: Cross-Site Scripting (XSS) +Short Description: A type of web security vulnerability where attackers inject malicious scripts into websites viewed by other users. +--- + +## Definition +Cross-Site Scripting (XSS) is a security vulnerability that lets attackers inject client-side scripts into web pages viewed by other users. These scripts run in the victims’ browsers and can steal cookies, tokens or manipulate page content. + +## Types of XSS +### Stored XSS +Malicious scripts are permanently stored on the server (for example, in a database) and later served to users. + +### Reflected XSS +Scripts are injected via a URL or request and reflected back by the server in the response (e.g., in search results). + +### DOM-based XSS +Vulnerabilities exist entirely in client-side JavaScript: the page’s DOM is modified with attacker data without proper sanitisation. + +## Minimal vulnerable example +```html + + +

+ + + +## Example safe fix (same example) +```html + + + +After pasting that, **press `Ctrl + D`** in Git Bash. + +✅ That will save the file as `index.md` in the folder `content/x/cross-site-scripting`. + +Once saved, we can **stage, commit, and push** it to GitHub. + +Do you want me to guide you through that next? +[ \ No newline at end of file
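Review bot: the new `index.md` includes text that is not part of the entry and should be removed before merge. The first added line is a shell command, `cat > content/x/cross-site-scripting/index.md`, placed above the front matter `---`. The end of the file carries assistant instructions ("After pasting that, **press `Ctrl + D`** in Git Bash.", "Do you want me to guide you through that next?") followed by a stray `[`. With the `cat >` line above it, the front matter is no longer the first thing in the file. The "Example safe fix" block opens with a `html` fence and no closing fence is visible before the pasted instructions, so everything after it would render as code. Please close both `html` fences, check that the vulnerable and fixed snippets are present inside them, and end the file with a newline (the diff reports "No newline at end of file").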