8.3 Cross-site Scripting

Select > Reports > Portal > Repository > Standard Content > OWASP > A 7 - Cross-Site Scripting.

Vulnerabilities associated with cross-site scripting (XSS) enable malicious users to inject code into legitimate web pages or applications, where it executes as harmful scripts in the user’s web browser when the browser parses the data. The scripts might hijack user sessions, deface web sites, or redirect users to harmful sites. A web application or web page becomes vulnerable when it includes untrusted data, data without proper validation or escaping, or data supplied by users through an API that can create HTML or JavaScript. XSS attacks tend to occur in forums, message boards, and web pages that allow comments. Malicious users can execute XSS attacks in VBScript, ActiveX, Flash, and CSS. However, this type of injection attack most commonly occurs in JavaScript.
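The condition described above (untrusted data included without validation or escaping) is shown here for a comment form, as an added example that is not part of the original documentation. The comment fields and all function names are hypothetical, and the sample input is constructed.

```javascript
// Added example: rendering a forum comment. All names are hypothetical.

// Characters that change meaning in HTML text and in quoted attribute values.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Validation: accept only absolute http(s) links; other schemes are rejected.
function safeLink(url) {
  try {
    const parsed = new URL(String(url));
    return parsed.protocol === "http:" || parsed.protocol === "https:" ? parsed.href : null;
  } catch {
    return null; // not an absolute URL
  }
}

// Vulnerable: untrusted fields are concatenated into the markup unchanged.
function renderCommentUnsafe(c) {
  return `<div class="comment"><a href="${c.website}">${c.author}</a><p>${c.body}</p></div>`;
}

// Hardened: validate the URL, then escape every untrusted field before output.
function renderCommentSafe(c) {
  const link = safeLink(c.website);
  const author = escapeHtml(c.author);
  const name = link
    ? `<a href="${escapeHtml(link)}" rel="nofollow noopener">${author}</a>`
    : author;
  return `<div class="comment">${name}<p>${escapeHtml(c.body)}</p></div>`;
}

// Constructed sample comment containing markup in every field.
const sample = {
  author: 'Mallory "M"',
  website: "javascript:alert(1)",
  body: "<script>alert(1)</script>",
};

console.log("unsafe:", renderCommentUnsafe(sample));
console.log("safe:  ", renderCommentSafe(sample));
```

The unsafe output carries the script element and the `javascript:` link into the page as live markup, while the hardened output renders both as inert text.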

To identify XSS vulnerabilities in your environment, use the following report and dashboard:

Cross Site Scripting

Lists events associated with XSS vulnerabilities.

XSS Vulnerabilities

Provides charts and a table so you can review potential XSS vulnerabilities in your environment by vulnerability type or the top vulnerable hosts.

To get a list of the top 10 hosts vulnerable to cross-site scripting attacks, run the XSS Vulnerabilities report.