What is a cross-site scripting (XSS) vulnerability?
XSS: an attacker injects script that the application includes in pages served to other users. The script runs in the victim's browser with the victim's session, enabling cookie theft, account takeover, or defacement.
What is the difference between stored and reflected XSS?
Stored vs reflected: stored (persistent) XSS is saved server-side (e.g., a malicious comment) and served to many users. Reflected XSS bounces a payload from the request (e.g., a search term) back into the response.
What is the primary defense against XSS?
Output encoding: escaping user data appropriately for its context (HTML, attribute, JS, URL) so it is rendered as text, not executed. Modern frameworks auto-escape by default, which prevents most XSS.
Why is DOM-based XSS distinct from server-side XSS?
DOM XSS: occurs when client-side JS takes attacker-controlled input (e.g., from location.hash) and writes it to a dangerous sink like innerHTML. The payload may never reach the server, so server-side filtering misses it.
How does a Content Security Policy (CSP) mitigate XSS?
CSP: a defense-in-depth layer that whitelists allowed script origins and can forbid inline scripts. Even if an attacker injects markup, the browser refuses to run script that violates the policy.