Cross-Site scripting defined
- XSS is a vulnerability that can be exploited by infecting applications.
- The victim is actually the user that unknowingly visits a page or performs an action that triggers the exploit.
How Cross-Site Scripting affects companies
If an XSS attack is successful, it can cause problems for companies. Company accounts can be compromised, which usually leads to data and identity theft. The attackers can also use that access to inject worms and other viruses which then spread throughout the company network. Hackers can also gain access to other company applications and use them for malicious actions or gain. Other actions an attacker can perform include the accessing of browser history and clipboard data, gaining remote control of the browser and identification of additional cross-site scripting vulnerabilities. Scanning of networked computers and applications also becomes easy to perform.
See Cross Site Scripting (XSS) Cheat Sheet, Attack Examples & Protection at Vulnerability Knowledge Base.