14 · Shipping & Collaboration
XSS
Cross-Site Scripting
An attack where hostile script runs in another user’s browser—often because untrusted HTML was rendered without escaping.
Concrete example
Echoing a raw comment field into the page can let an attacker steal a session cookie.
Why it matters
The frontend twin of SQL injection in agent-generated UI.