XSS (Cross-Site Scripting) is a web application vulnerability in which attackers inject malicious JavaScript into pages viewed by other users. Three variants exist: reflected XSS, stored XSS, and DOM-based XSS. In an ISMS, XSS is a common risk for web applications, addressed through input validation, output encoding, and Content Security Policy (CSP). A WAF can provide additional protection. XSS regularly features in the OWASP Top 10.
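The three controls named above (input validation, output encoding, CSP) are easiest to see side by side in code. The following is an added example written for this entry; it is not code from the original page or from any project it mentions. It shows a vulnerable rendering routine that concatenates untrusted input into HTML (the classic reflected XSS pattern), the hardened version that encodes the value for the HTML body context, an allow-list input check, and a helper that assembles a Content-Security-Policy header. The function names, the sample untrusted string and the nonce value are all constructed for illustration.

```javascript
// Added example (not from the original page): the three XSS controls the
// glossary entry names, shown as small, testable functions.

// 1. Output encoding: the five characters that carry meaning in HTML are
//    replaced with entities, so untrusted text can never close or open a tag.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
};

function encodeForHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable pattern: untrusted input is dropped straight into markup.
// Whatever the user submitted becomes part of the page's HTML.
function renderGreetingVulnerable(name) {
  return `<p>Hello, ${name}!</p>`;
}

// Hardened pattern: same template, but the value is encoded for the context
// it lands in (here the HTML body). This is the primary XSS defence.
function renderGreetingSafe(name) {
  return `<p>Hello, ${encodeForHtml(name)}!</p>`;
}

// 2. Input validation (supporting control): accept only what a field should
//    legitimately contain. An allow-list regex is far easier to get right
//    than a block-list of "dangerous" strings.
function isAllowlistedName(name) {
  return /^[A-Za-z0-9 _.-]{1,64}$/.test(name);
}

// 3. Content Security Policy (defence in depth): build the header value from
//    a directive map. With a per-response nonce, inline scripts only run if
//    they carry that nonce, so injected inline script is blocked even when
//    encoding was missed somewhere.
function buildCsp(directives) {
  return Object.entries(directives)
    .map(([directive, sources]) => `${directive} ${sources.join(" ")}`)
    .join("; ");
}

// Constructed nonce for illustration only; a real server generates a fresh
// random nonce for every response and embeds it in its own <script> tags.
const EXAMPLE_NONCE = "c29tZS1yYW5kb20tbm9uY2U=";

const CSP_HEADER = buildCsp({
  "default-src": ["'self'"],
  "script-src": ["'self'", `'nonce-${EXAMPLE_NONCE}'`],
  "object-src": ["'none'"],
  "base-uri": ["'self'"],
});

// Small test helper: does rendered HTML still contain an unencoded <tag ...>?
function containsRawTag(html, tagName) {
  return new RegExp(`<${tagName}[\\s>]`, "i").test(html);
}

// Constructed untrusted input, the standard probe string used in XSS testing.
const SAMPLE_UNTRUSTED_INPUT = "<script>alert('xss')</script>";

// Stand-alone run: compare the two renderers and print the CSP header.
console.log("vulnerable:", renderGreetingVulnerable(SAMPLE_UNTRUSTED_INPUT));
console.log("safe:      ", renderGreetingSafe(SAMPLE_UNTRUSTED_INPUT));
console.log("valid name?", isAllowlistedName(SAMPLE_UNTRUSTED_INPUT));
console.log("Content-Security-Policy:", CSP_HEADER);
```

The vulnerable output contains a live `<script>` element; the hardened output contains only `&lt;script&gt;` text, which the browser displays rather than executes. Note that the encoder above is correct only for the HTML body and quoted attribute contexts; values placed inside JavaScript, URLs or CSS need their own context-specific encoding, which is why encoding rather than validation is the control that has to be applied at every output point.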