ProfessionalCommunity Edition

Cross-site scripting (XSS)

Last updated: April 29, 2025
Read time: 1 Minute

Cross-site scripting (XSS) is a web security vulnerability that enables an attacker to manipulate a vulnerable web site so that it returns malicious JavaScript to users. Attackers can use malicious code to fully compromise a victim's interaction with the application.

You can use Burp Suite to test for a range of XSS vulnerabilities.

Tutorials in this section

Identifying reflected input.
Testing for DOM XSS with DOM Invader.
Testing for web message DOM XSS with DOM Invader
Testing for reflected XSS manually.
Testing for stored XSS.
Bypassing XSS filters by enumerating permitted tags and attributes.
Testing for blind XSS.