Cross Site Scripting (XSS)

What is Cross Site Scripting (XSS)?
Cross Site Scripting (XSS) is the process of adding malicious code to a real website in order to maliciously collect user information. XSS attacks are possible through security holes in web applications and are often exploited by introducing a client-side script. Although JavaScript is typically used, some attackers also use VBScript, ActiveX, or Flash.

If an XSS vulnerability is successfully exploited, the server application could be at serious risk. For example, while viewing dynamically generated pages, users can be tricked into executing malicious scripts. Another possibility is for an attacker to take over a user session before the corresponding session cookie expires. In another case, innocent users can be connected to a malicious server.

In virtually all scenarios, a victim's system is attacked by using the victim's privileges himself. The attacks can then lead to account hijacking, Cookie theft, false advertising and changes in the user settings of the victim account.

One way to mitigate the risks of XSS exploits is to disable active scripting in browsers. Unfortunately, this also means that a browser can no longer run dynamic websites and is not a realistic solution for most users.

Was the explanation to "Cross Site Scripting (XSS)"Helpful? Rate now:

Further explanations for the initial letter C