Reflected Cross-Site Scripting (XSS)

Unsanitized input is echoed in responses and executed inside the victim’s browser.

What it is

Reflected XSS occurs when an application echoes untrusted input from a request (a query parameter, form field, or header) straight back into the HTTP response without encoding it, so the victim's browser interprets the input as markup or script and executes it.

Why it matters

Because the payload travels in the request, an attacker only needs a victim to open a crafted link, email, or embedded content; once the script runs in the victim's browser it can steal sessions, manipulate page content, or redirect users.

How to reduce risk

  • Encode output for the exact context it is rendered in (HTML body, HTML attribute, JavaScript, URL) before echoing user input
  • Implement a strong Content Security Policy (for example nonce-based script-src) to limit which scripts may execute
  • Validate and sanitize input, including query parameters and headers
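
The three measures above, as an added example that is not part of this glossary entry: a hypothetical search handler that reflects the `q` query parameter, first as the vulnerable version and then hardened with context-aware HTML encoding and a nonce-based Content Security Policy. The route, parameter name, probe string and handler names are constructed for illustration.

```javascript
// Added example (not from the glossary page): reflected XSS from a query parameter,
// shown vulnerable and then hardened. Route, parameter and handler names are hypothetical.

// Entity-encode a value for the HTML body and double-quoted attribute contexts.
function encodeForHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable handler: the "q" parameter is reflected into the markup unchanged,
// once inside an attribute value and once in the body text.
function handleSearchVulnerable(requestUrl) {
  const q = new URL(requestUrl).searchParams.get('q') ?? '';
  return {
    headers: { 'Content-Type': 'text/html; charset=utf-8' },
    body: `<input name="q" value="${q}"><p>Results for: ${q}</p>`,
  };
}

// Hardened handler: the same page, but the value is encoded for the HTML contexts it
// lands in, and a per-response nonce CSP refuses any inline script that still slips in.
function handleSearchSafe(requestUrl, nonce) {
  const q = encodeForHtml(new URL(requestUrl).searchParams.get('q') ?? '');
  return {
    headers: {
      'Content-Type': 'text/html; charset=utf-8',
      'Content-Security-Policy':
        `default-src 'self'; script-src 'nonce-${nonce}'; object-src 'none'; base-uri 'none'`,
    },
    body: `<input name="q" value="${q}"><p>Results for: ${q}</p>`,
  };
}

// Detection-style check: does the rendered body still contain the user-controlled
// markup verbatim (an attribute break-out plus a tag) rather than encoded text?
function reflectsRawMarkup(html, probe) {
  return html.includes(probe);
}

// Constructed probe: closes the attribute, then injects a script tag.
const PROBE = `"><script>probe()</script>`;
const TEST_URL = `https://example.test/search?q=${encodeURIComponent(PROBE)}`;

console.log(reflectsRawMarkup(handleSearchVulnerable(TEST_URL).body, PROBE)); // true
console.log(reflectsRawMarkup(handleSearchSafe(TEST_URL, 'r4nd0m').body, PROBE)); // false
```

The nonce must be freshly generated per response and attached to every legitimate inline `<script>` tag; a reused or predictable nonce gives the CSP no protection.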

Related Terms: Content Security Policy, Web Application Firewall, Open Redirect

External Resources:

  • OWASP – Cross-Site Scripting (XSS): https://owasp.org/www-community/attacks/xss/