How to Fix Cross-site Scripting Vulnerabilities

Websites often accept user input for the application to display on the screen. If the application is not careful enough with its treatment of user (attacker) input, it is possible for an attacker to inject malicious data, which when displayed on the screen can execute HTML or JavaScript code in the user’s browser.

This vulnerability allows an attacker to either permanently or temporarily inject client-side code into the target website. This code executes when the page is loaded by the victim, and the client-side code may carry out activities such as stealing cookies/sessions, modifying the page contents, logging keystrokes, etc.
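As an added example (not code from the original article), the following shows the root cause and the standard fix in one place: a rendering function that concatenates user input straight into HTML next to the same function with output encoding applied. The `escapeHtml`, `renderCommentUnsafe` and `renderCommentSafe` names and the sample comment are assumptions made for this illustration.

```javascript
// Added example, not from the original article. The fix for both temporary
// (reflected) and persistent (stored) XSS is the same at the output stage:
// untrusted data is encoded so the browser displays it as text and never
// parses it as markup.

// The five characters that can change HTML structure or break out of a
// quoted attribute value, mapped to their character entities.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};

// Encode untrusted text for the HTML element body or a quoted attribute.
// Other contexts (inside <script>, in a URL, in CSS) need their own encoders.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable rendering: input is concatenated directly into markup, so any
// tags it contains become part of the page. This is the bug described above.
function renderCommentUnsafe(author, body) {
  return `<div class="comment"><b>${author}</b>: ${body}</div>`;
}

// Fixed rendering: every untrusted value is encoded at the point of output.
function renderCommentSafe(author, body) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</div>`;
}

// Constructed sample input (hypothetical comment) carrying a script tag, the
// kind of string a stored-XSS test would submit.
const SAMPLE_AUTHOR = 'alice';
const SAMPLE_BODY = 'Nice post <script>alert(1)</script>';

// Review/test check: does any raw <script> tag survive in the rendered HTML?
function containsRawScriptTag(html) {
  return /<\s*script\b/i.test(html);
}

console.log(renderCommentUnsafe(SAMPLE_AUTHOR, SAMPLE_BODY)); // tag intact
console.log(renderCommentSafe(SAMPLE_AUTHOR, SAMPLE_BODY));   // tag encoded
```

In a real application the encoding is normally done by the template engine's auto-escaping rather than by hand; the point of the example is that the encoding must happen for every value at the place it is written into the page, and must match that context.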

There are two types of Cross-site Scripting:

  • Temporary XSS
  • Persistent XSS

How do I fix Cross-site Scripting?

The following posts provide specific details for fixing Cross-site Scripting vulnerabilities in various programming languages and through a variety of methods.