NCAE Mapping Hub
Security+ · 2.0 Threats

Cross-Site Scripting (XSS)

A vulnerability where user input is rendered in a web page without escaping, letting an attacker run JavaScript in someone else's browser. Types: stored (persisted in the DB), reflected (bounced off a URL), DOM-based (client-side).

How this shows up at NCAE

Less directly scored at NCAE than SQLi, but the comment and feedback forms on the web app often have it. Defense: context-aware output encoding (normally the template engine's autoescaping) on every untrusted value, plus a Content-Security-Policy header as a second layer.
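An added example, not code from the NCAE Mapping Hub page, showing what the template engine's output encoding changes for a stored feedback-form comment, alongside the CSP header a defender would send with the page. The function names and the sample comment are constructed for illustration.

```javascript
// HTML-entity encode the five characters that matter in an HTML text context.
// This is the same transformation a template engine's autoescape applies.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable rendering: the stored comment is concatenated straight into the
// markup, so script inside it runs in every visitor's browser (stored XSS).
function renderCommentUnsafe(comment) {
  return `<li class="comment">${comment.author}: ${comment.body}</li>`;
}

// Hardened rendering: every untrusted field is encoded for the HTML text
// context before it reaches the page.
function renderCommentSafe(comment) {
  return `<li class="comment">${escapeHtml(comment.author)}: ${escapeHtml(comment.body)}</li>`;
}

// Defence in depth: a CSP that allows scripts only from this origin and no
// inline script, so an encoding slip elsewhere still does not execute.
// Send it as the value of the Content-Security-Policy response header.
function cspHeaderValue() {
  return "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";
}

// Detection helper for tests or a quick audit: does rendered HTML still
// contain a live <script> tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample comment, as a feedback form might have stored it.
const sampleComment = {
  author: 'guest',
  body: '<script>alert("xss")</script> nice site',
};

console.log('unsafe :', renderCommentUnsafe(sampleComment));
console.log('safe   :', renderCommentSafe(sampleComment));
console.log('CSP    :', cspHeaderValue());
```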