XSS
XSS (Cross-Site Scripting) occurs when untrusted input is rendered as HTML/JS, so that an attacker gets untrusted content executed in a victim’s browser (often via HTML/JavaScript injection). Output encoding and CSP reduce risk.
- Mitigation: output encoding, input validation
- Avoid unsafe HTML rendering
- Use Content Security Policy (CSP)
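
The mitigations listed above, as an added example that is not from the original page: the same comment rendered with raw concatenation and with output encoding, plus a restrictive CSP header value. The helper names, the sample strings and the chosen CSP directives are assumptions made for illustration.

```javascript
// Added example: helper names and sample values are constructed for illustration.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode untrusted text for an HTML element body or a quoted attribute value.
// This is not sufficient for other contexts (script blocks, URLs, CSS).
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unsafe HTML rendering: untrusted input is concatenated straight into markup.
function renderCommentUnsafe(author, text) {
  return '<p title="' + author + '">' + text + '</p>';
}

// Output encoding: every untrusted value is encoded at the point of output.
function renderCommentSafe(author, text) {
  return '<p title="' + encodeHtml(author) + '">' + encodeHtml(text) + '</p>';
}

// CSP as a second layer: same-origin scripts only, so inline handlers and
// inline <script> blocks are refused by the browser even if markup slips through.
function buildCsp() {
  return [
    "default-src 'self'",
    "script-src 'self'",
    "object-src 'none'",
    "base-uri 'none'",
  ].join('; ');
}

// Constructed test strings: markup-bearing values a form field might receive.
const sampleAuthor = 'x" onmouseover="alert(1)';
const sampleText = '<img src=x onerror=alert(1)>';

function demo() {
  return {
    unsafe: renderCommentUnsafe(sampleAuthor, sampleText), // markup survives intact
    safe: renderCommentSafe(sampleAuthor, sampleText),     // markup becomes inert text
    csp: buildCsp(), // send as the Content-Security-Policy response header
  };
}

console.log(demo());
```

Encoding is applied when the value is written into the page, not when it is received, so the stored data stays unchanged and each output context can use its own encoder.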