A system for monitoring and mitigating client-side exploitation of application flaws includes a server to operate a first application. The first application communicates with a client device operating a second application to execute an application flaw script. The application flaw script causes the client device to produce a first request associated with vulnerability of the first application. An application flaw service module, communicatively coupled to the server, receives the first request from the client device comprising transactional metadata based on the application flaw script and inspects the transactional metadata for malicious content within the first request.