XSS – cross-site scripting

Cross-site scripting (XSS) is a security breach that takes advantage of dynamically generated Web pages. In an XSS attack, a Web application is sent a script that activates when it is read by an unsuspecting user’s browser or by an application that has not protected itself against cross-site scripting. Because dynamic Web sites rely on user input, a malicious user can insert malicious script into the page by hiding it within legitimate requests.

Common Languages and Exploitation

Commonly exploited entry points include search engine boxes, online forums and publicly accessible blogs. Once an XSS attack has been launched, the attacker can change user settings, hijack accounts, poison cookies with malicious code, expose SSL connections, access restricted sites and even launch false advertisements. The simplest way to avoid XSS is to add code to a Web application that causes the dynamic input to ignore certain command tags.
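The avoidance advice above, as an added example that is not part of the original article: a search page that reflects the query, first unencoded and then with HTML output encoding, which is the technique used here in place of a list of ignored tags. The function names and the sample query are constructed for illustration.

```javascript
// Added example: a reflected search term rendered without and with output encoding.
// All names and the sample query below are constructed for illustration.

// Characters that have special meaning in HTML text and attribute values.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode user input so the browser treats it as text, not markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// BEFORE: the query is concatenated straight into the page.
function renderResultsUnsafe(query) {
  return `<h1>Results for ${query}</h1>`;
}

// AFTER: the query is encoded at the point of output.
function renderResultsSafe(query) {
  return `<h1>Results for ${escapeHtml(query)}</h1>`;
}

// Demo helper: does the rendered page contain a script element the browser would run?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input, as a search box might receive it.
const sampleQuery = 'shoes<script>alert("xss")</script>';

console.log(renderResultsUnsafe(sampleQuery)); // script element survives
console.log(renderResultsSafe(sampleQuery));   // script element is inert text
```

Encoding at the point of output keeps the user's text visible on the page while preventing the browser from interpreting any of it as a tag.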

Cross-site scripting is also referred to as malicious tagging and is sometimes abbreviated as CSS, though CSS is more commonly used as an abbreviation for cascading style sheets.

Vangie Beal
Vangie Beal is a freelance business and technology writer covering Internet technologies and online business since the late '90s.
