ISP Glossary Find an ISP Term

Search ISP Sites

Search: Search internet.com

ISP Resources ISP-Lists ISP Glossary ISP News CLEC-Planet The List ISPCON Free Newsletter IT Developer Internet News Small Business Personal Technology Search internet.com Advertise Corporate Info Newsletters Tech Jobs E-mail Offers internet.commerce Be a Commerce Partner

Search for an ISP term
by a keyword...	...or by category. choose one... Communications Computer Industry Companies Computer Science Data Graphics Hardware Internet and Online Services Mobile Computing Multimedia Networks Operating Systems Programming Software Standards Types of Computers World Wide Web

XSS Last modified: Tuesday, December 09, 2003
An abbreviation of cross-site scripting. XSS is a security breach that takes advantage of dynamically generated Web pages. In an XSS attack, a Web application is sent with a script that activates when it is read by an unsuspecting user’s browser or by an application that has not protected itself against cross-site scripting. Because dynamic Web sites rely on user input, a malicious user can input malicious script into the page by hiding it within legitimate requests. Common exploitations include search engine boxes, online forums and public-accessed blogs. Once XSS has been launched, the attacker can change user settings, hijack accounts, poison cookies with malicious code, expose SSL connections, access restricted sites and even launch false advertisements. The simplest way to avoid XSS is to add code to a Web application that causes the dynamic input to ignore certain command tags. Scripting tags that take advantage of XSS include <SCRIPT>, <OBJECT>, <APPLET>, <EMBED> and <FORM>. Common languages used for XSS include JavaScript, VBScript, HTML, Perl, C++, ActiveX and Flash. Cross-site scripting also is referred to as malicious tagging and sometimes abbreviated as CSS, though CSS is more commonly used as an abbreviation for cascading style sheets.
Cross-Site Scripting This article from IBM was written to raise the awareness of the CSS threat and to present a solution implementation for Web applications to avoid this kind of attack. Uses sample attack scenarios. Cross-Site Scripting: Are You Web Applications Vulnerable? The purpose of this paper is to educate both application developers and end users on the techniques that can be used to exploit Web applications using XSS. (pdf) The Anatomy of Cross-Site Scripting This paper explores the possibilities of an XSS attack using scripts other than HTML. (pdf) XSS FAQ From Cgisecurity.com.	Related Categories Internet Security Related Terms application dynamic URL hacker script