# xss

標記為「xss」的 10 篇文章

XSS Vulnerabilities from AI-Generated Code

Analysis of cross-site scripting patterns produced by LLM code generation, covering DOM XSS, reflected XSS, and framework-specific bypass patterns.

code-gen-securityxssweb-securityllm-vulnerabilities

入門

CWE Mapping for AI-Generated Vulnerabilities

Common AI-generated vulnerabilities mapped to CWE identifiers with real examples: SQL injection (CWE-89), XSS (CWE-79), path traversal (CWE-22), command injection (CWE-78), and hardcoded credentials (CWE-798).

cwesql-injectionxsspath-traversalcommand-injectionhardcoded-credentialsvulnerability-patterns

中級

AI Application Security

Methodology for exploiting LLM application vulnerabilities: output handling injection (XSS, SQLi, RCE), authentication bypass, session manipulation, and integration-layer attacks.

application-securityxsssqlicommand-injectionauth-bypasssession-attackswebhooksllm-apps

專家

Output Handling Exploits

Deep dive into XSS, SQL injection, command injection, SSTI, and path traversal attacks that weaponize LLM output as an injection vector against downstream systems.

xsssqlicommand-injectionsstipath-traversaloutput-handlingllm-appsinjection

進階

Code Injection via Markdown

Injecting executable payloads through markdown rendering in LLM outputs, exploiting the gap between text generation and content rendering in web-based LLM interfaces.

prompt-injectionmarkdowncode-injectionxssred-teamingintermediate

中級

XSS Vulnerabilities from AI-Generated Code

Analysis of cross-site scripting patterns produced by LLM code generation, covering DOM XSS, reflected XSS, and framework-specific bypass patterns.

code-gen-securityxssweb-securityllm-vulnerabilities

入門

AI 生成漏洞之 CWE 對映

常見 AI 生成漏洞對映至 CWE 識別碼——附真實範例：SQL 注入（CWE-89）、XSS（CWE-79）、路徑穿越（CWE-22）、命令注入（CWE-78）與硬編碼憑證（CWE-798）。