XSS – cross-site scripting

Cross-site scripting (XSS) is a security breach that takes advantage of dynamically generated Web pages. In an XSS attack, a Web application is sent with a script that activates when it is read by an unsuspecting user’s browser or by an application that has not protected itself against cross-site scripting. Because dynamic Web sites rely on user input, a malicious user can input malicious script into the page by hiding it within legitimate requests.

Common Languages and Exploitation

Common exploitation include search engine boxes, online forums and public-accessed blogs. Once XSS has been launched, the attacker can change user settings, hijack accounts, poison cookies with malicious code, expose SSL connections, access restricted sites and even launch false advertisements. The simplest way to avoid XSS is to add code to a Web application that causes the dynamic input to ignore certain command tags.

Cross-site scripting also is referred to as malicious tagging and sometimes abbreviated as CSS, though CSS is more commonly used as an abbreviation for cascading style sheets.

Vangie Beal
Vangie Beal
Vangie Beal is a freelance business and technology writer covering Internet technologies and online business since the late '90s.

Related Articles

DocuSign

What is DocuSign? DocuSign is an agreement management application that enables businesses to create, send, and automate a wide variety of forms and contracts and...

Compliance

What is compliance? Compliance or regulatory compliance is a term used across industries to describe rules and policies that prohibit or regulate specific products, services,...

User Experience

User experience describes a user's interaction with products, systems, and services and includes usability, design, navigation, and impression.

Management Information Systems (MIS)

What is a Management Information System? A Management Information System (MIS) is an information system that provides managers with the tools to effectively organize, evaluate,...

Venture Capital

Venture capital (VC) offers startups and developing businesses growth opportunities with funding from...

Third-Party Apps

A third-party application is an application provided by a vendor other than the...

Ernst & Young (EY)

Ernst & Young Global Limited, commonly known as EY, is a multinational professional...