# Cross-Site Scripting

**MITRE ATT&CK layer: Initial Access**

Cross-Site Scripting (XSS) is a web application attack where an attacker injects malicious client-side scripts into trusted websites that are then executed in a user's browser. It exploits improper input validation and output encoding rather than flaws in the browser itself.

## How is Cross-Site Scripting abused?

Attackers inject malicious JavaScript through input fields, URLs, or stored content that a web application fails to sanitize. When a victim loads the affected page, the script executes in the context of the trusted site, allowing attackers to steal session cookies, capture credentials, manipulate page content, or perform actions on behalf of the user.

## Why Cross-Site Scripting matters

Cross-Site Scripting enables attackers to hijack authenticated user sessions without breaching the server. A successful XSS attack can lead to account takeover, unauthorized transactions, data theft, or serve as a stepping stone for broader compromise of enterprise web applications.

## Real-world example

In late 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an actively exploited cross-site scripting (XSS) vulnerability — CVE-2021-26829 — in the OpenPLC ScadaBR industrial control system to its Known Exploited Vulnerabilities (KEV) catalog. Threat activity associated with this flaw included web-based script injection that allowed attackers to manipulate the system's web interface, demonstrating live exploitation of XSS in operational technology environments. Security teams were urged to patch and mitigate by December 2025 due to confirmed exploitation in the wild.
[Source](https://www.cisa.gov/news-events/alerts/2025/11/28/cisa-adds-one-known-exploited-vulnerability-catalog)

## Related topics

- [SQL Injection](https://www.manageengine.com/products/desktop-central/attack-glossary/sql-injection.html)
- [Web Session Cookie Theft](https://www.manageengine.com/products/desktop-central/attack-glossary/web-session-cookie-theft.html)
- [Drive-by Download Attack](https://www.manageengine.com/products/desktop-central/attack-glossary/drive-by-download-attack.html)
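The abuse pattern described above (untrusted input copied into a page without output encoding) and the mitigations that limit its impact, shown as an added example that is not part of this glossary entry or of any product it references. The renderer, header builder and check below are illustrative names chosen for the example, and the probe string is a constructed sample input.

```javascript
// Added example, not code from the original glossary page. It shows the
// defect the entry describes (untrusted input copied into HTML without
// output encoding) next to the hardened rendering, plus the response
// headers that limit what an injected script can do. All function names
// here are illustrative; the sample input below is constructed.

// Encode a value for the HTML text and double-quoted attribute contexts.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

// Vulnerable: the query parameter lands in the page verbatim, so any
// markup in it becomes part of the document the browser parses.
function renderSearchPageVulnerable(query) {
  return `<h1>Results for: ${query}</h1>`;
}

// Hardened: identical page, but the untrusted value is encoded for the HTML
// context it is placed in; the browser displays the text instead of running it.
function renderSearchPageHardened(query) {
  return `<h1>Results for: ${escapeHtml(query)}</h1>`;
}

// Defence in depth for the session-theft outcome the entry mentions:
// HttpOnly keeps document.cookie from exposing the session cookie, and a
// Content-Security-Policy without 'unsafe-inline' blocks inline scripts.
function defensiveHeaders(sessionId) {
  return {
    'Set-Cookie': `session=${encodeURIComponent(sessionId)}; HttpOnly; Secure; SameSite=Lax; Path=/`,
    'Content-Security-Policy':
      "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'",
  };
}

// Regression check suitable for a test suite: does the rendered document
// still contain the untrusted input with its markup characters unencoded?
function leaksRawMarkup(rendered, untrustedInput) {
  return untrustedInput.includes('<') && rendered.includes(untrustedInput);
}

// Constructed probe input: the classic harmless XSS check string.
const SAMPLE_INPUT = '<script>alert(1)</script>';

// Stand-alone demo when run directly with Node (CommonJS).
if (typeof require !== 'undefined' && require.main === module) {
  console.log(renderSearchPageVulnerable(SAMPLE_INPUT));
  console.log(renderSearchPageHardened(SAMPLE_INPUT));
  console.log(defensiveHeaders('abc123'));
}
```

The encoder is only correct for the HTML text and quoted-attribute contexts it is written for; a value placed inside a `<script>` block, a URL, or a CSS property needs an encoder for that context, which is why templating engines with automatic context-aware escaping are the usual fix rather than hand-written string replacement.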