Cross-Site Scripting (XSS) in Web Applications: A systematic literature review

Cross-Site Scripting (XSS) continues to be a prevalent and damaging vulnerability in web applications, leading attackers to inject harmful scripts that can put personal data at risk, hijack sessions, and change website content. This research provides a comprehensive literature overview of XSS attacks that classify them as stored, reflected, and DOM-based, and discuss how these attacks have evolved as web technology advanced. Traditional detection methods such as input validation and signature-based filters are becoming less and less effective against sophisticated, evasive payloads. As a result, researchers are beginning to utilize Machine Learning (ML) and Deep Learning (DL) methods as more adaptive and intelligent detection methods. This paper reviews different ML/DL models for XSS detection and examines their methods, datasets, feature engineering methods, and metrics for performance. Also pointed out are significant problems such as class imbalance, adversarial examples, and deployment barrier. This study combines current research so that gaps can be identified and future directions described to build effective, scalable, and real-time XSS detection systems. The study also points out that intelligent automation is crucial in protecting web applications against the increasingly sophisticated threat landscape.