Prevalence and Detectability

XSS is the second most prevalent issue in the OWASP Top 10.

  • Found in around two thirds of all applications.

Tools can find some XSS problems automatically.

  • Particularly in mature technologies.

    • PHP, J2EE / JSP, and ASP.NET.

Impact

Moderate for reflected and DOM XSS.

Severe for stored XSS, with:

  • Remote code execution on the victim’s browser.

  • Theft of credentials and sessions.

  • Delivery of malware to the victim.
