Simuna Infosec
Technical, 2026-07-25

Cross-Site Scripting (XSS): Types, Impact, and Prevention for Singapore Enterprises

XSS remains one of the most prevalent web vulnerabilities. This article covers reflected, stored, and DOM-based XSS and how to test for each, with guidance for the Singapore market.

Cross-Site Scripting (XSS) allows attackers to inject malicious scripts into web pages viewed by other users. It comes in three forms: Reflected XSS (malicious script in a URL parameter reflected back in the response), Stored XSS (malicious script saved in the application's database and served to every user who views the affected page), and DOM-based XSS (the vulnerability exists in client-side JavaScript rather than server-side code). The impact ranges from session hijacking and credential theft to complete account takeover. Modern frameworks like React and Angular provide built-in XSS protection through automatic output encoding, but bypasses exist, particularly when developers use dangerouslySetInnerHTML or bypass sanitisation for rich content.
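The output encoding described above, shown for the reflected and stored cases as an added example (not code from the original article). The function names and sample inputs are hypothetical and constructed for illustration.

```javascript
'use strict';

// Characters that can change HTML parsing in element content or a quoted attribute.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Output encoding: single pass, so '&' in the input is never double-encoded.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Reflected XSS, vulnerable form: the URL parameter reaches the response unencoded.
function renderSearchUnsafe(query) {
  return `<p>Results for: ${query}</p>`;
}

// Reflected XSS, hardened form: encode at the point of output.
function renderSearchSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Stored XSS, hardened form: rows come back from the database as stored,
// and every field is encoded on each render, including attribute values.
function renderCommentsSafe(comments) {
  const items = comments.map(
    (c) => `<li title="${escapeHtml(c.author)}">${escapeHtml(c.body)}</li>`
  );
  return `<ul>${items.join('')}</ul>`;
}

// Constructed test inputs (not from the original article).
const probe = '<script>alert(1)</script>';
const storedRows = [{ author: 'a" onmouseover="alert(1)', body: 'Tom & Jerry <b>fans</b>' }];

console.log(renderSearchUnsafe(probe));      // markup survives intact
console.log(renderSearchSafe(probe));        // rendered as inert text
console.log(renderCommentsSafe(storedRows)); // quotes and tags neutralised
```

In client-side code the corresponding safe sink is textContent rather than innerHTML; React's default JSX interpolation applies this kind of encoding unless dangerouslySetInnerHTML is used.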