It all started on the 2nd of February 2000 with the CERT Advisory CA-2000-02:

Malicious HTML Tags Embedded in Client Web Requests This advisory is being published jointly by the CERT Coordination Center, DoD- CERT, the DoD Joint Task Force for Computer Network Defense (JTF-CND), the Federal Computer Incident Response Capability (FedCIRC), and the National Infrastructure Protection Center (NIPC).

Initially named "cross-site" scripting, it was shortened with CSS; however, when people started to confuse it with its "homonymous", Cascading Style Sheets, someone on a mailing list proposed to use the XSS abbreviation. That was all it took, and the name stuck.

• Cross-Site Scripting
• XSS Attacks
• Exotic XSS Vectors

Keylogging

From an XSS to a SQL Injection

Website Cloning

Lab: XSS