New research by bug bounty firm HackerOne shows that cross-site scripting (XSS) vulnerabilities are still the most common type of security flaw found in web applications. XSS flaws let attackers inject malicious code into websites to steal sensitive information from users.
Miju Han of HackerOne says that “of the $55 million that bug hunters in HackerOne’s program have earned so far in total, some $8 million has been from reporting XSS vulnerabilities alone.” While XSS attacks have been happening since the 1990s, many websites remain vulnerable, and Han believes that “XSS is here to stay.”
Read more: Cross-Site Scripting Errors Continue to Be Most Common Web App Flaw