Cross-Site Scripting (XSS)
XSS is one of the most prevalent web vulnerabilities. Attackers inject malicious JavaScript into web pages, compromising user sessions, stealing credentials, and performing unauthorized actions.
HIGH SEVERITYOWASP Top 10 #3CWE-793 Contexts
π§ͺ Interactive XSS Lab
Select an XSS context, choose an attack type, and practice with real-world payloads in a safe environment
Select XSS Context
Choose an XSS context to practice different attack vectors
πΎ
Stored XSS
Persistent XSS attacks where malicious scripts are stored in the database and executed when other users view the page
INTERMEDIATE10 attack
π
Reflected XSS
Non-persistent XSS where malicious script is reflected off the web server in search results, error messages, or other responses
BEGINNER10 attack
π
DOM-based XSS
Client-side XSS where the vulnerability exists in client-side JavaScript code that processes user input
ADVANCED3 attack
π
Quick Reference
Always available while you work