Qxss
Qxss, often written as QXSS, is a term used in web security to describe a class of cross-site scripting flaws that originate from user-supplied data in URL query strings and are reflected into a web page without proper sanitization. The term emphasizes the role of query parameters in triggering the vulnerability, though Qxss can involve server- or client-side code that inserts these values into HTML, JavaScript, or attribute contexts.
Attackers exploit Qxss by crafting a URL containing a malicious payload in a query parameter, which the
Prevention relies on defense-in-depth: encode or escape all data derived from query parameters according to the
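
An added illustration, not part of the original page: the JavaScript below reflects a query parameter into HTML, attribute, and inline-script contexts, first as-is and then encoded for each context. The `q` parameter, the `shop.example` URL, and all function names are assumptions made for this example.

```javascript
// Constructed example: names, URL and sample value are illustrative only.

// Encode for HTML text and quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Encode as a JavaScript string literal that is safe inside an inline <script>:
// JSON.stringify handles quotes and backslashes; the extra pass rewrites
// characters that could close the script element or break the line.
function escapeJsString(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&\u2028\u2029]/g,
    (ch) => '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0')
  );
}

function readQuery(rawUrl) {
  // searchParams percent-decodes the value, so the page sees the raw characters.
  return new URL(rawUrl).searchParams.get('q') ?? '';
}

// Vulnerable pattern: the query value is concatenated into markup as-is.
function renderUnsafe(rawUrl) {
  const q = readQuery(rawUrl);
  return `<p>Results for ${q}</p><input name="q" value="${q}">`;
}

// Hardened pattern: the same value, encoded for each context it lands in.
function renderSafe(rawUrl) {
  const q = readQuery(rawUrl);
  return [
    `<p>Results for ${escapeHtml(q)}</p>`,
    `<input name="q" value="${escapeHtml(q)}">`,
    `<script>const lastQuery = ${escapeJsString(q)};</script>`,
  ].join('');
}

// Constructed sample request carrying markup characters in the q parameter.
const SAMPLE_URL =
  'https://shop.example/search?q=' + encodeURIComponent('"><script>alert(1)</script>');

console.log(renderUnsafe(SAMPLE_URL)); // markup from the URL survives intact
console.log(renderSafe(SAMPLE_URL));   // same value rendered as inert text/data
```

The HTML encoder covers element text and quoted attributes only; the script context needs its own encoder because HTML entities are not decoded inside `<script>`.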
See also: Cross-site scripting, Reflected XSS, Content Security Policy, URL encoding.