- A class of cross-site scripting vulnerability where seemingly safe or sanitized HTML content is transformed into malicious executable code through the browser’s parsing and rendering process. The attack exploits inconsistencies between how HTML sanitizers parse content and how browsers subsequently mutate that content (often through the `innerHTML` property), causing encoded or benign strings to become active XSS vectors after DOM manipulation. mXSS was discovered by Mario Heiderich and Gareth Heyes, with the vulnerability class first presented in 2013.