internet.com
You are in the: Small Business Computing Channelarrow
Small Business Technology
» ECommerce-Guide | Small Business Computing | Webopedia | WinPlanet |Refer-It
Webopedia.com
Enter a word for a definition... ...or choose a computer category.
 
 
menu
   Home
   Term of the Day
   New Terms
   Pronunciation
   New Links
   Quick Reference
   Did You Know?
   Categories
   Tech Support
   Technology Jobs
   About Us
   Link to Us
   Advertising

   rss/xmlrss/xml  

Become a Marketplace Partner



talk to us
   Submit a URL
   Suggest a Term
   Report an Error
internet.com
IT
Developer
Internet News
Small Business
Personal Technology
International

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers
commerce
  Be a Commerce Partner
 
 
 
 
 
 
 
 
 
 
 
 
 
 

XSS
Last modified: Tuesday, December 09, 2003 

An abbreviation of cross-site scripting. XSS is a security breach that takes advantage of dynamically generated Web pages. In an XSS attack, a Web application is sent with a script that activates when it is read by an unsuspecting user’s browser or by an application that has not protected itself against cross-site scripting. Because dynamic Web sites rely on user input, a malicious user can input malicious script into the page by hiding it within legitimate requests. Common exploitations include search engine boxes, online forums and public-accessed blogs. Once XSS has been launched, the attacker can change user settings, hijack accounts, poison cookies with malicious code, expose SSL connections, access restricted sites and even launch false advertisements. The simplest way to avoid XSS is to add code to a Web application that causes the dynamic input to ignore certain command tags.

Scripting tags that take advantage of XSS include <SCRIPT>, <OBJECT>, <APPLET>, <EMBED> and <FORM>. Common languages used for XSS include JavaScript, VBScript, HTML, Perl, C++, ActiveX and Flash.

Cross-site scripting also is referred to as malicious tagging and sometimes abbreviated as CSS, though CSS is more commonly used as an abbreviation for cascading style sheets.

E-mail this definition to a colleague

Sponsored listings

Stop Application Attacks - Learn how F5 can protect your network & applications from threats


For internet.com pages about XSS . Also check out the following links!

Related Links

Cross-Site Scripting 
This article from IBM was written to raise the awareness of the CSS threat and to present a solution implementation for Web applications to avoid this kind of attack. Uses sample attack scenarios.

Cross-Site Scripting: Are You Web Applications Vulnerable?
The purpose of this paper is to educate both application developers and end users on the techniques that can be used to exploit Web applications using XSS. (pdf)

The Anatomy of Cross-Site Scripting
This paper explores the possibilities of an XSS attack using scripts other than HTML. (pdf)

XSS FAQ
From Cgisecurity.com.
related categories

Internet

Security
related terms

application

dynamic URL

hacker

script

webopedia
Give Us Your
Feedback

Shopping
XSS Products
Compare Products,Prices and Stores

Shop by Category:
Clothing
124 Store Offers

Microwave Ovens
1 Model Matches

Watches
0 Store Offers

Sport and Outdoor
10 Store Offers



JupiterOnlineMedia

internet.comearthweb.comDevx.commediabistro.comGraphics.com

Search:

Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info


Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers
Solutions
Whitepapers and eBooks
Microsoft Article: Will Hyper-V Make VMware This Decade's Netscape?
Microsoft Article: 7.0, Microsoft's Lucky Version?
Microsoft Article: Hyper-V--The Killer Feature in Windows Server 2008
Avaya Article: How to Feed Data into the Avaya Event Processor
Microsoft Article: Install What You Need with Windows Server 2008
HP eBook: Putting the Green into IT
Whitepaper: HP Integrated Citrix XenServer for HP ProLiant Servers
Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 1
Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 2--The Future of Concurrency
Avaya Article: Setting Up a SIP A/S Development Environment
IBM Article: How Cool Is Your Data Center?
Microsoft Article: Managing Virtual Machines with Microsoft System Center
HP eBook: Storage Networking , Part 1
Microsoft Article: Solving Data Center Complexity with Microsoft System Center Configuration Manager 2007
MORE WHITEPAPERS, EBOOKS, AND ARTICLES
Webcasts
Intel Video: Are Multi-core Processors Here to Stay?
On-Demand Webcast: Five Virtualization Trends to Watch
HP Video: Page Cost Calculator
Intel Video: APIs for Parallel Programming
HP Webcast: Storage Is Changing Fast - Be Ready or Be Left Behind
Microsoft Silverlight Video: Creating Fading Controls with Expression Design and Expression Blend 2
MORE WEBCASTS, PODCASTS, AND VIDEOS
Downloads and eKits
Sun Download: Solaris 8 Migration Assistant
Sybase Download: SQL Anywhere Developer Edition
Red Gate Download: SQL Backup Pro and free DBA Best Practices eBook
 Red Gate Download: SQL Compare Pro 6
Iron Speed Designer Application Generator
MORE DOWNLOADS, EKITS, AND FREE TRIALS
Tutorials and Demos
How-to-Article: Preparing for Hyper-Threading Technology and Dual Core Technology
eTouch PDF: Conquering the Tyranny of E-Mail and Word Processors
IBM Article: Collaborating in the High-Performance Workplace
HP Demo: StorageWorks EVA4400
 Intel Featured Algorhythm: Intel Threading Building Blocks--The Pipeline Class
Microsoft How-to Article: Get Going with Silverlight and Windows Live
MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES