In this article, we will learn how to avoid Cross-Site Scripting attacks when we are posting our data through the AJAX POST method in our application.

This has some security implications, however, as you’re allowing a potential open door to cross-site scripting access for any incoming domain. A much better solution would be to specify the specific domains or “origins” that will be accessing the script. The command below specifies the HTTP response for a single domain only.

Exploiting XSS in Ajax Web Applications
April 12, 2012 by superevr in Security

Following up on yesterday's post, Pluck SiteLife software multiple XSS vulnerabilities, let's take a look at how to exploit XSS in JSON responses using Internet Explorer.