Introduction to Cross-Site Scripting

Categories: ,

Posted on

By

Raxis Administrator

Introduction to Cross-Site Scripting

This video covers the basics of cross-site scripting, including reflected, stored, and DOM-based XSS as well as remediation to protect against these attacks.

Cross-site scripting (XSS) has been a popular finding for me in 2021, discovering five XSS vulnerabilities that have been assigned CVEs. Additionally, it’s been present on recent application testing as well, so I thought it would be beneficial to cover XSS in more depth.

This video is the first in a series of blog posts that will describe various cross-site scripting attacks, remediations, and specific areas to look out for that I have seen overlooked in the sanitization of user-supplied data. This video covers the basics of cross-site scripting, including reflected, stored, and DOM-based XSS. Additionally, I’ll discuss remediation to protect against these attacks. Future videos will cover filter evasion and side-loading payloads, as well as cookie theft and advanced payloads.

I hope this video and the ones that follow give you a better idea about how cross-site scripting works, why it’s dangerous, and how to prevent it from happening to your company.

Want to learn more? Take a look at the second part in our Cross-Site Scripting Series.

Written by

Raxis Administrator

Human Expertise Outsmarts AI in Pentesting

While AI tools offer speed in detecting known vulnerabilities, they fall short with 20-35% false positives and only 50-65% success on complex threats like business logic flaws, as per mainstream reports from Verizon and OWASP. Human penetration testers at Raxis deliver 85-90% detection rates, precise prioritization, and ethical adaptability, ensuring your organization stays ahead of real-world attacks.

Learn About AI

Partner With Raxis

Partnering with Raxis empowers your business with elite penetration testing services, competitive reseller pricing, and recurring revenue opportunities, all backed by a proven track record of excellence and a commitment to staying ahead of evolving cybersecurity threats.

Learn About Raxis Partner

Raxis Attack

Continuous, expert-led PTaaS combined with advanced automation to uncover and address hidden vulnerabilities, ensuring your business stays ahead of evolving cyber threats while maintaining regulatory compliance.

Learn About AI

Raxis Strike

Tailored, expert-led penetration testing that uncovers hidden vulnerabilities using real-world hacker techniques, providing actionable insights to strengthen your defenses and protect against sophisticated cyber threats.

Learn About Strike

Like what you’ve learned from Raxis?

Contact us to receive an expert-led penetration test, and we’ll also show you step-by-step how to recreate our attack against your own systems.

Article Tags

Categories

,

More From Raxis

  • Choosing a Penetration Testing Company: Part 2

    Choosing a Penetration Testing Company: Part 2
    By Brad Herring • July 1, 2025
    Read More
  • Wireless Series: Using Wifite to Capture and Crack a WPA2 Pre-Shared Key

    Wireless Series: Using Wifite to Capture and Crack a WPA2 Pre-Shared Key for Penetration Testing
    By Scottie Cole • June 17, 2025
    Read More
  • Jailbreak Journey: Transforming an iPad for Mobile App Penetration Testing

    Jailbreak Journey: Transforming an iPad for Mobile App Penetration Testing
    By Jason Taylor • June 3, 2025
    Read More
  • Cisco Releases Patch for CVE-2025-20188 - 10.0 CVSS

    Cisco Releases Patch for CVE-2025-20188 – 10.0 CVSS
    By Scottie Cole • May 8, 2025
    Read More