/vulndb/Cross-site Scripting

Cross-site scripting (XSS) is a type of web application security vulnerability that allows malicious users to inject code into web pages viewed by other users.

XSS vulnerabilities can be used to bypass access controls, steal data, craft phishing attacks, perform session hijacking and launch targeted browser exploits.

Solution

Sanitize all user-supplied input before using it as part of dynamically generated pages and data.
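
One way to apply this advice, shown as an added example that is not part of the original entry: encode user-supplied values for the HTML context they land in, and restrict link targets to http(s). The function names, the comment fields (author, site, text) and the sample values are constructed for illustration.

```javascript
// Added example: the same comment rendered without and with sanitization.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that can change HTML structure in element content
// and in quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Escaping alone does not make a URL safe: a script-bearing scheme contains
// no special characters. Allow only http(s) targets (relative URLs resolve
// against the placeholder base), otherwise fall back to an inert link.
function safeHref(value) {
  const raw = String(value).trim();
  try {
    const parsed = new URL(raw, 'https://placeholder.invalid/');
    if (parsed.protocol === 'http:' || parsed.protocol === 'https:') {
      return escapeHtml(raw);
    }
  } catch (err) {
    // Unparseable input is treated as unsafe.
  }
  return '#';
}

// Before: user input is concatenated straight into the page.
function renderCommentUnsafe(c) {
  return `<p><a href="${c.site}">${c.author}</a>: ${c.text}</p>`;
}

// After: every user-supplied field is encoded for its context.
function renderComment(c) {
  return `<p><a href="${safeHref(c.site)}">${escapeHtml(c.author)}</a>: ${escapeHtml(c.text)}</p>`;
}

// Constructed sample input with markup in every field.
const sampleComment = {
  author: 'Mallory "M" <m@example.org>',
  site: 'javascript:alert(1)',
  text: '<script>alert(1)</script>',
};

console.log(renderCommentUnsafe(sampleComment));
console.log(renderComment(sampleComment));
```

The second line of output contains no tags or attributes other than the ones the template itself wrote.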

Caveats

An XSS payload might not work in every browser, and many modern browsers come with basic XSS protection mechanisms enabled by default.

References

http://en.wikipedia.org/wiki/Cross-site_scripting