How a JavaScript Worm Hijacked Wikipedia via User Scripts

In March 2026 a self‑propagating JavaScript worm exploited MediaWiki's user‑script feature to modify common.js files across multiple Wikimedia projects, vandalizing pages, inserting malicious redirects, and highlighting the security risks of user‑generated code on collaborative platforms.

Cross-site scriptingJavaScript wormMediaWiki security

0 likes · 9 min read

How a JavaScript Worm Hijacked Wikipedia via User Scripts

IT Services Circle

Jul 25, 2023 · Information Security

Exploiting XSS Vulnerabilities and Same‑Origin Policy to Upgrade Risk Levels

This article explains how to combine reflected and stored cross‑site scripting attacks with same‑origin policy abuse to turn a low‑severity XSS vulnerability into a high‑severity issue, detailing discovery, exploitation steps, and a JavaScript payload that harvests user data.

Cross-site scriptingSame-Origin PolicyWeb Security

0 likes · 8 min read

Exploiting XSS Vulnerabilities and Same‑Origin Policy to Upgrade Risk Levels

Full-Stack Internet Architecture

Dec 23, 2020 · Information Security

Comprehensive Summary of XSS (Cross‑Site Scripting) Attacks and Defenses

This article provides a comprehensive overview of Cross‑Site Scripting (XSS), covering its definition, impact, underlying mechanisms, classification, common injection vectors, defensive strategies, practical Q&A, and a curated list of reference resources for developers and security professionals.

Cross-site scriptingXSSfrontend security

0 likes · 16 min read

Comprehensive Summary of XSS (Cross‑Site Scripting) Attacks and Defenses

Full-Stack Internet Architecture

Oct 12, 2020 · Information Security

Comprehensive Summary of XSS (Cross‑Site Scripting) Attacks and Defenses

This article provides a comprehensive overview of Cross‑Site Scripting (XSS), explaining its definition, dangers, underlying mechanisms, classification into stored, reflected, and DOM‑based types, common injection vectors, and practical defense strategies, while also addressing common questions and resources for further learning.

Cross-site scriptingWeb SecurityXSS

0 likes · 11 min read

Tencent IMWeb Frontend Team

May 14, 2017 · Information Security

Mastering XSS: A Complete Guide to Understanding and Preventing Cross‑Site Scripting

This comprehensive tutorial explains what XSS is, describes the three main attack types, illustrates how malicious scripts are injected and executed, and provides practical strategies—including encoding, validation, and Content Security Policy—to defend web applications against cross‑site scripting vulnerabilities.

Content Security PolicyCross-site scriptingXSS

0 likes · 28 min read

Mastering XSS: A Complete Guide to Understanding and Preventing Cross‑Site Scripting

Java High-Performance Architecture

Oct 8, 2015 · Information Security

Understanding XSS: Types, Exploits, and Effective Defenses

This article explains what Cross‑Site Scripting (XSS) is, distinguishes non‑persistent and persistent attacks with real‑world URL examples, and outlines practical defense strategies such as proper escaping, character‑set handling, and content‑type settings to protect web applications.

Cross-site scriptingXSSdefense

0 likes · 4 min read

Understanding XSS: Types, Exploits, and Effective Defenses