Submit Your Paper
  1. Home
  2. Journals
  3. Journal of Cybersecurity and Information Management

Journal of Cybersecurity and Information Management

Journal DOI

https://doi.org/10.54216/JCIM

Submit Your Paper

2690-6775ISSN (Online) 2769-7851ISSN (Print)
Submit Your Paper

Journal Menu

Homepage Journal Overview Editorial Board Submitting Articles Indexing & Abstracting

Journal Volumes

Journal of Cybersecurity and Information Management

Volume 17 , Issue 2 , PP: 135-145, 2026 | Cite this article as | XML | Html | PDF | Full Length Article

Impact of XSS Attacks on Cybersecurity and Detection Approaches Using Machine Learning Techniques: A Survey

Ali Nafea Yousif 1 * , Ziyad Tariq Mustafa Al-Ta'i 2

  • 1 Department of Computer Science, College of Science, University of Diyala, Baqubah, Iraq; University of Information Technology and Communication, Baghdad, Iraq - (scicomphd232404@uodiyala.edu.iq)
  • 2 Department of Computer Science, College of Science, University of Diyala, Baqubah, Iraq - (ziyad1964tariq@uodiyala.edu.iq)

    • Doi: https://doi.org/10.54216/JCIM.170210

    Received: April 12, 2025 Revised: June 28, 2025 Accepted: August 22, 2025
    Abstract

    The dramatically increasing use of web applications and the rapid development of cloud services and interactive websites that provide integrated online services, relying on user data entry and server response, have been the primary drivers of the increase in cyber-attacks and threats, most notably cross-site scripting (XSS). Cross-site scripting attacks exploit available security vulnerabilities to inject malicious code, leading to numerous risks such as malware distribution, session hijacking, and data theft. Most traditional defense methods, such as input validation and output encoding, are reasonably ineffective against advanced threats. The advances in machine learning and artificial intelligence models have provided more accurate detection and prevention capabilities for these threats with significant accuracy. This study reviews the types and mechanisms of XSS attacks, existing mitigation techniques, and detection methods based on machine and deep learning. It also highlights several previous studies and related work on detecting and preventing these attacks, compares these works' performance using evaluation metrics and several aspects, identifies research gaps, and outlines future directions for improving XSS detection methods.

    Keywords :

    Cross-Site Scripting (XSS) , Cybersecurity , Machine learning , Web application security , AI-based threat detection

    References

    [1]    Ö. Aslan, S. S. Aktuğ, M. Ozkan-Okay, A. A. Yilmaz, and E. Akin, "A comprehensive review of cyber security vulnerabilities, threats, attacks, and solutions," Electronics, vol. 12, no. 6, p. 1333, 2023.

     

    [2]    "CWE Top 25 Most Dangerous Software Weaknesses," MITRE Corporation, SANS Institute. [Online]. Available: https://www.sans.org/top25-software-errors/. [Accessed: Mar. 10, 2025].

     

    [3]    "The OWASP Top 10 Project," OWASP Foundation. [Online]. Available: https://owasp.org/www-project-top-ten/. [Accessed: Mar. 11, 2025].

     

    [4]    "The OWASP Top 10 Project (GitHub Repository)," OWASP Foundation. [Online]. Available: https://github.com/owasp-top/owasp-top-2017. [Accessed: Mar. 11, 2025].

     

    [5]       L. Y. Chang and N. Coppel, "Building cyber security awareness in a developing country: Lessons from Myanmar," Comput. Secur., vol. 97, p. 101959, 2020.

     

    [6]       O. Ogbanufe, "Enhancing end-user roles in information security: Exploring the setting, situation, and identity," Comput. Secur., vol. 108, p. 102340, 2021.

     

    [7]       R. Alhamyani and M. Alshammari, "Machine learning-driven detection of cross-site scripting attacks," Information, vol. 15, no. 7, p. 420, 2024.

     

    [8]       C. Islam, M. A. Babar, R. Croft, and H. Janicke, "SmartValidator: A framework for automatic identification and classification of cyber threat data," J. Netw. Comput. Appl., p. 103370, 2022, doi: 10.1016/j.jnca.2022.103370.

     

    [9]       R. M. Wibowo and A. Sulaksono, "Web vulnerability through cross-site scripting (XSS) detection with OWASP security shepherd," Indones. J. Inf. Syst., vol. 3, no. 2, pp. 149–159, 2021.

     

    [10]    Crișan et al., "Detecting malicious URLs based on machine learning algorithms and word embeddings," in Proc. 2020 IEEE 16th Int. Conf. Intell. Comput. Commun. Process. (ICCP), Cluj-Napoca, Romania, 2020, pp. 187–193.

     

    [11]    G. E. Rodríguez, J. G. Torres, P. Flores, and D. E. Benavides, "Cross-site scripting (XSS) attacks and mitigation: A survey," Comput. Netw., vol. 166, p. 106960, 2020.

     

    [12]    S. J. Weamie, "Cross-site scripting attacks and defensive techniques: A comprehensive survey," Int. J. Commun. Netw. Syst. Sci., vol. 15, no. 8, pp. 126–148, 2022.

     

    [13]    E. Barlas, X. Du, and J. C. Davis, "Exploiting input sanitization for regex denial of service," in Proc. 44th Int. Conf. Softw. Eng., 2022, pp. 883–895.

     

    [14]    X. Wang, Y. Xu, and Z. Sun, "A hybrid dynamic testing technology source code XSS vulnerability detection method," in 2023 IEEE Smart World Congr. (SWC), 2023, pp. 1–6.

     

    [15]    H. Sarker, "Cyberlearning: Effectiveness analysis of machine learning security modeling to detect cyber-anomalies and multi-attacks," Internet Things, vol. 14, p. 100393, 2021.

     

    [16]    N. Kshetri et al., "algoXSSF: Detection and analysis of cross-site request forgery (XSRF) and cross-site scripting (XSS) attacks via machine learning algorithms," in Proc. 12th Int. Symp. Digit. Forensics Secur. (ISDFS), 2024, pp. 1–8.

     

    [17]    V. K. Malviya, S. Rai, and A. Gupta, "Development of web browser prototype with embedded classification capability for mitigating Cross-Site Scripting attacks," Appl. Soft Comput., vol. 102, p. 106873, 2021.

     

    [18]    Odun-Ayo et al., "An implementation of real-time detection of cross-site scripting attacks on cloud-based web applications using deep learning," Bull. Electr. Eng. Inform, vol. 10, no. 5, pp. 2442–2453, 2021.

     

    [19]    H. Yan et al., "Cross-site scripting attack detection based on a modified convolution neural network," Front. Comput. Neurosci., vol. 16, p. 981739, 2022.

     

    [20]    C. Gupta, R. K. Singh, and A. K. Mohapatra, "GeneMiner: A classification approach for detection of XSS attacks on web services," Comput. Intell. Neurosci., vol. 2022, Art. no. 3675821, 2022.

     

    [21]    X. Li et al., "An LSTM based cross-site scripting attack detection scheme for cloud computing environments," J. Cloud Comput., vol. 12, no. 1, p. 118, 2023.

     

    [22]    Odeh and A. A. Taleb, "XSSer: Hybrid deep learning for enhanced cross-site scripting detection," Bull. Electr. Eng. Inform, vol. 13, no. 5, pp. 3317–3325, 2024.

     

    [23]    R. Bakır and H. Bakır, "Swift detection of XSS attacks: Enhancing XSS attack detection by leveraging hybrid semantic embeddings and AI techniques," Arab. J. Sci. Eng., pp. 1–17, 2024.

     

    [24]    G. H. Luu et al., "XSShield: A novel dataset and lightweight hybrid deep learning model for XSS attack detection," Results Eng., vol. 24, p. 103363, 2024.

     

    [25]    O. Okusi, "Cyber security techniques for detecting and preventing cross-site scripting attacks," World J. Innov. Mod. Technol., vol. 8, no. 2, pp. 71–89, 2024.

     

    [26]    N. U. Bacha et al., "Deploying hybrid ensemble machine learning techniques for effective cross-site scripting (XSS) attack detection," Comput. Mater. Continua, vol. 81, no. 1, 2024.

     

    [27]    Z. Hu, J. Zhang, and H. Yang, "XSS Attack Detection Based on Multisource Semantic Feature Fusion," Electronics, vol. 14, no. 6, p. 1174, 2025.

     

    [28]    E. Oshoiribhor and J.-O. Adetokunbo, "XSS-Net: An Intelligent Machine Learning Model for Detecting Cross-Site Scripting (XSS) Attack in Web Application," 2025.

    Cite This Article As :
    Nafea, Ali. , Tariq, Ziyad. Impact of XSS Attacks on Cybersecurity and Detection Approaches Using Machine Learning Techniques: A Survey. Journal of Cybersecurity and Information Management, vol. , no. , 2026, pp. 135-145. DOI: https://doi.org/10.54216/JCIM.170210
    Nafea, A. Tariq, Z. (2026). Impact of XSS Attacks on Cybersecurity and Detection Approaches Using Machine Learning Techniques: A Survey. Journal of Cybersecurity and Information Management, (), 135-145. DOI: https://doi.org/10.54216/JCIM.170210
    Nafea, Ali. Tariq, Ziyad. Impact of XSS Attacks on Cybersecurity and Detection Approaches Using Machine Learning Techniques: A Survey. Journal of Cybersecurity and Information Management , no. (2026): 135-145. DOI: https://doi.org/10.54216/JCIM.170210
    Nafea, A. , Tariq, Z. (2026) . Impact of XSS Attacks on Cybersecurity and Detection Approaches Using Machine Learning Techniques: A Survey. Journal of Cybersecurity and Information Management , () , 135-145 . DOI: https://doi.org/10.54216/JCIM.170210
    Nafea A. , Tariq Z. [2026]. Impact of XSS Attacks on Cybersecurity and Detection Approaches Using Machine Learning Techniques: A Survey. Journal of Cybersecurity and Information Management. (): 135-145. DOI: https://doi.org/10.54216/JCIM.170210
    Nafea, A. Tariq, Z. "Impact of XSS Attacks on Cybersecurity and Detection Approaches Using Machine Learning Techniques: A Survey," Journal of Cybersecurity and Information Management, vol. , no. , pp. 135-145, 2026. DOI: https://doi.org/10.54216/JCIM.170210

    Article Statistics

    View
    65
    Download
    31

    Download