Cross-Site Scripting (XSS) Attacks

Cross-Site scripting defined

Cross-Site scripting, also known as XSS, is the most common application vulnerability exploit found in web applications today. This code is executed via the unsuspecting user’s web browser by manipulating scripts such as JavaScript and HTML. A successful XSS exploit can result in scripts being embedded into a web page. These scripts are executed every time a user visits the page or whenever a specific action is performed. Here are some points to remember about XSS:

  • XSS is a vulnerability that can be exploited by infecting applications.
  • The victim is actually the user that unknowingly visits a page or performs an action that triggers the exploit.
  • The exploit is most-commonly triggered via JavaScript.

How Cross-Site Scripting affects companies

If an XSS attack is successful, it can cause problems for companies. Company accounts can be compromised, which usually leads to data and identity theft. The attackers can also use that access to inject worms and other viruses which then spread throughout the company network. Hackers can also gain access to other company applications and use them for malicious actions or gain. Other actions an attacker can perform include the accessing of browser history and clipboard data, gaining remote control of the browser and identification of additional cross-site scripting vulnerabilities. Scanning of networked computers and applications also becomes easy to perform.

See Cross Site Scripting (XSS) Cheat Sheet, Attack Examples & Protection at Vulnerability Knowledge Base.

The following two tabs change content below.


Latest posts by tal (see all)

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.