Skip to main content

Category: Web Exploits

Web Exploits

Browse threats in this category, plus related secure app guides and AI security pages. Each threat page focuses on how the risk shows up in the browser and what isolation changes.

At a glance

  • 3 threats in this category
  • Last updated: 2026-01-29

Common themes

  • webapp
  • browser
  • session
  • auth
  • clickjacking
  • csrf
  • data theft
  • fraud

Threats in Web Exploits

Clickjacking

Clickjacking is a UI trick that overlays or disguises elements so a user clicks something different from what they think they’re clicking.

Cross-site request forgery (CSRF)

Cross-site request forgery (CSRF) tricks a user’s browser into sending an authenticated request to a site without the user intending to.

Cross-site scripting (XSS)

Cross-site scripting (XSS) is when attackers inject JavaScript into a trusted website so it runs in users’ browsers under that site’s identity.

Keep exploring

All guides
Threats, secure apps, and AI security pages.
All browser threats
Browse threats by category and intent.
Secure apps directory
Secure browsing guides for top SaaS apps.
AI security guides
Prevent AI prompt leakage and prompt injection.