XSS Cross-site Scripting

Users submit executable code (JavaScript) into your system, which is then displayed to, and executed by, other users.

  1. HTML-encode user input data before presenting it.
  2. Don't allow anything that can be rendered to be saved; if practical, accept no HTML in submissions.
  3. Validate forms on the server.