Cross-site scripting (XSS or CSS) is a Web application attack used to gain access to private information by delivering malicious code to end-users via trusted Web sites. Typically, this type of attack is successful due to a Web application's lack of user input validation, allowing users to supply application code in HTML forms instead of normal text strings, for example.
The F5 BIG-IP® Application Security Manager application firewall sanitizes and validates user input in the application, both screening for known attack patterns and allowing only known data strings and formats to make it back to the application. By permitting only valid and authorized application transactions, BIG-IP Application Security Manager keeps malicious code from accessing the application servers, removing the burden of security and input validation from the application business logic.
F5 products that prevent Cross-Site Scripting: BIG-IP Application Security Manager