Salesforce Developer Development-Lifecycle-and-Deployment-Architect Question # 44 Topic 5 Discussion

 Cross-site scripting is the most common reason that the prospect AppExchange products fail the security review. Cross-site scripting (XSS) is a type of web application vulnerability that allows an attacker to inject malicious code into a web page that is viewed by other users. XSS can compromise the security and privacy of the users, as well as the functionality and performance of the application. Salesforce has strict security standards and policies for AppExchange products, and any product that has XSS vulnerabilities will not pass the security review. CRUD/FLS, session hacking, and SOQL injection are also security issues that can affect AppExchange products, but they are not as common or severe as XSS.