What is cross-site scripting?


Quick Answer

Cross-site scripting, also known as an XSS attack, is a hacking attack on a client's Web browser using malicious code to hijack the browser. An XSS attack corrupts a trusted Web link by exploiting security weaknesses within a Web application, which allows a hacker to steal a user's information.

Continue Reading

Full Answer

Hackers use different cross-site attacks such as reflective XSS, where a user receives an email with a malicious link. Once the user clicks on the link, the malicious code is executed on the user's browser during the current browsing session. An attacker can use a cross-script attack to hijack a user's account, to control the browser remotely and to access a victim's browser history.

Web servers that generate dynamic responses are vulnerable to XSS attacks. Such servers should validate user input and code Web pages properly to prevent cross-site scripting attacks. Attackers typically use JavaScript to deliver malicious code to users of vulnerable applications. The victim of such attacks is the user, not the application.

A cross-site scripting attack is dangerous because it occurs during a user's browsing session and bypasses normal security measures. If an XSS attack is successful, the attacker typically gains control of the user's browser via the vulnerable application.

Learn more about Computer Help

Related Questions