XSS Cross Site Scripting

Dennis Faas's picture

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users.

XSS: Background

The expression "cross-site scripting" originated from the fact that a malicious web site could load another web site into another frame or window then use Javascript to read or write data on the other web site.

The definition gradually changed to mean the injection of HTML and Javascript into a web page.

Example of a Cross-site Scripting Attack

Examples of an XSS code include client-side scripts: I.E.: small programs that run on the end users' computer.

An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as an origin policy. Vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits.

Cross-site scripting carried out on websites were roughly 80% of all documented security vulnerabilities as of 2007. Often during an attack the user is unaware because everything looks legitimate to the end user. The end result, however, may lead to unauthorized access, theft of sensitive data, and financial loss.

This document is licensed under the GNU Free Documentation License (GFDL), which means that you can copy and modify it as long as the entire work (including additions) remains under this license.

Rate this article: 
No votes yet