← Back to Topics

XSS Vulnerabilities

Discussions center on a website or demo site's vulnerability to cross-site scripting (XSS) attacks, with users reporting exploits like injected JavaScript alerts and urging fixes.

➡️ Stable 0.7x Security

3,393

Comments

20

Years Active

5

Top Authors

#4015

Topic ID

Activity Over Time

2007

8

2008

60

2009

104

2010

208

2011

218

2012

149

2013

261

2014

255

2015

174

2016

245

2017

229

2018

220

2019

178

2020

212

2021

191

2022

136

2023

179

2024

145

2025

210

2026

11

Top Contributors

tptacek (57) simonw (23) homakov (22) mike-cardwell (20) nbpoole (18)

Keywords

NoScript HttpOnly JS DOCTYPE python.org P2P index.php discord.com USG DNS xss vulnerability xml javascript site session scripting exploit attacks injected

Sample Comments

uaygsfdbzf • Feb 16, 2014 • View on HN

Ehh.. that's some serious XSS vulnerability there.

cm-t • Nov 14, 2013 • View on HN

Ooups, someone has having success with XSS :/

7ewis • Nov 19, 2018 • View on HN

Looks like someone has tested XSS there already.

chromagnon • Apr 15, 2017 • View on HN

Potential for XSS attacks is fairly large. Be careful out there.

UweSchmidt • Jun 2, 2021 • View on HN

What's the story about the XSS vulnerability? If this is the right time for that...

AndyKelley • Jun 17, 2010 • View on HN

he's just complaining about XSS.

nautical • Aug 9, 2015 • View on HN

People ... It still has XSS issues ..

darkarmani • Jul 17, 2013 • View on HN

Doesn't this mean you can do any kind of cross-site scripting? Like redirect to goatse.cx?

paulddraper • Oct 28, 2024 • View on HN

The potential cost is an XSS vuln.

juretriglav • Feb 18, 2016 • View on HN

Your demo needs fixing, it's open to XSS and that has been tried and tested, as expected for this crowd. :)