The Exploit

Notes from the Front Lines of Penetration Testing

Introduction to Cross-Site Scripting

Introduction to Cross-Site Scripting

Written by

Raxis Administrator

Cross-site scripting (XSS) has been a popular finding for me in 2021, discovering five XSS vulnerabilities that have been assigned CVEs. Additionally, it’s been present on recent application testing as well, so I thought it would be beneficial to cover XSS in more depth.

This video is the first in a series of blog posts that will describe various cross-site scripting attacks, remediations, and specific areas to look out for that I have seen overlooked in the sanitization of user-supplied data. This video covers the basics of cross-site scripting, including reflected, stored, and DOM-based XSS. Additionally, I’ll discuss remediation to protect against these attacks. Future videos will cover filter evasion and side-loading payloads, as well as cookie theft and advanced payloads.

I hope this video and the ones that follow give you a better idea about how cross-site scripting works, why it’s dangerous, and how to prevent it from happening to your company.

Want to learn more? Take a look at the second part in our Cross-Site Scripting Series.

Written by

Raxis Administrator

Raxis Administrator

Posted on

Categories: ,

Also by Raxis Administrator
  • CVE-2022-35739: PRTG Network Monitor Cascading Style Sheets (CSS) Injection
  • CVE-2022-26653 & CVE-2022-26777: ManageEngine Remote Access Plus Guest User Insecure Direct Object References
  • CVE-2022-25373: ManageEngine Support Center Plus Stored Cross-Site Scripting (XSS)
  • Raxis Supports Pensacola ROV Team

Human Vs AI Pentesting

While AI tools offer speed in detecting known vulnerabilities, they fall short with 20-35% false positives and only 50-65% success on complex threats like business logic flaws, as per mainstream reports from Verizon and OWASP. Human penetration testers at Raxis deliver 85-90% detection rates, precise prioritization, and ethical adaptability, ensuring your organization stays ahead of real-world attacks.

Learn More

Partner With Raxis

Partnering with Raxis empowers your business with elite penetration testing services, competitive reseller pricing, and recurring revenue opportunities, all backed by a proven track record of excellence and a commitment to staying ahead of evolving cybersecurity threats.

Learn More

Penetration Testing

Tailored, expert-led penetration testing services that uncovers hidden vulnerabilities using real-world hacker techniques, providing actionable insights to strengthen your defenses and protect against sophisticated cyber threats.

Learn More

Read More From The Exploit

  • Dangers of Storing Sensitive Data in Web Storage: 5 Real Attack Scenarios

    Dangers of Storing Sensitive Data in Web Storage: 5 Real Attack Scenarios
    By Ryan Chaplin • August 26, 2025
    Read More
  • PSE & Red Team Series: The Power of Grip to Enhance the Under-Door Tool

    PSE & Red Team Series: The Power of Grip to Enhance the Under-Door Tool
    By Brad Herring • August 12, 2025
    Read More
  • Choosing a Penetration Testing Company: Part 3

    Choosing a Penetration Testing Company: Part 3
    By Caroline Kelly • July 29, 2025
    Read More
  • Microsoft Releases Security Patch for Actively Exploited On-Premises SharePoint Vulnerabilities

    Microsoft Releases Security Patch for Actively Exploited On-Premises SharePoint Vulnerabilities
    By Jason Taylor • July 22, 2025
    Read More

Ready to See Raxis One In Action?

See how we transform traditional pen testing into interactive security intelligence that keeps you informed every step of the way. From real-time attack progression to detailed remediation guidance, Raxis One gives you unprecedented visibility into your security posture as it’s being tested.

Schedule a Demo