Find XSS vulnerabilities that could let attackers inject malicious scripts into your pages.
Overview
Cross-site scripting (XSS) allows attackers to inject malicious JavaScript into web pages viewed by other users. Our scanner tests for reflected, stored, and DOM-based XSS across all discovered endpoints, checking input fields, URL parameters, and dynamic content rendering.
What this scanner does
Injects XSS payloads into input fields, URL parameters, headers, and cookies. Tests for reflected XSS, DOM-based XSS, and identifies potential stored XSS vectors. Checks whether Content Security Policy headers properly mitigate injection risks.
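The Content Security Policy check described above can be illustrated with a small header audit. This is an added example, not the scanner's own code; the function names `parse_csp` and `audit_csp`, the finding texts, and the sample policies are assumptions constructed for illustration.

```python
# Added example: flag CSP settings that weaken the header as an XSS mitigation.
# Finding texts and sample policies are constructed for illustration.
BROAD_SOURCES = {"*", "data:", "http:", "https:"}
HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(header):
    """Split a CSP header into {directive: [sources]}; the first duplicate wins."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            # Lowercased for comparison only; real nonces are case-sensitive.
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy


def audit_csp(header):
    """Return a list of findings; an empty list means none of the checks fired."""
    if not header or not header.strip():
        return ["no CSP header: injected scripts are not restricted"]
    policy = parse_csp(header)
    findings = []
    # script-src falls back to default-src when it is absent.
    scripts = policy.get("script-src", policy.get("default-src"))
    if scripts is None:
        findings.append("no script-src or default-src: scripts are unrestricted")
    else:
        trusted = any(s.startswith(HASH_OR_NONCE) for s in scripts)
        # With a nonce or hash, browsers ignore 'unsafe-inline'; with
        # 'strict-dynamic' as well, they also ignore host and scheme sources.
        strict = trusted and "'strict-dynamic'" in scripts
        if "'unsafe-inline'" in scripts and not trusted:
            findings.append("script-src allows 'unsafe-inline'")
        for s in scripts:
            if s == "'unsafe-eval'" or (s in BROAD_SOURCES and not strict):
                findings.append(f"script-src allows {s}")
    # base-uri has no default-src fallback, so it must be set explicitly.
    if "base-uri" not in policy:
        findings.append("base-uri not set: an injected <base> tag can retarget relative script URLs")
    return findings


if __name__ == "__main__":
    for sample in ("default-src 'self'; script-src 'self' 'unsafe-inline' https:",
                   "script-src 'nonce-r4nd0m' 'strict-dynamic' https:; base-uri 'none'"):
        print(sample, "->", audit_csp(sample) or "no findings")
```

An empty result only means these specific checks passed; it does not show that the policy blocks every injection path.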
Why it matters
Attackers can use XSS to steal session cookies, redirect users to phishing pages, deface your site, or distribute malware. It is the most common web vulnerability and affects virtually every web application that renders user input without proper sanitization.
Common findings
OWASP Top 10 coverage