XSS

(Cross-Site Scripting) Causing a user's Web browser to execute a malicious script. There are several ways this is done. One approach is to hide code in a "click here" hyperlink whose URL points to a non-existent Web page. When the page is not found, the server returns the bogus URL, script included, in its response, and the user's browser executes it.

An "XSS hole" is a vulnerability in an application that enables cross-site scripting to be exploited. See parameter tampering and CSRF.
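
The "page not found" case described above, as an added example that is not part of the original entry: a handler that echoes the requested URL into its error page, first unencoded (the XSS hole) and then output-encoded. All function names are hypothetical and the request path is constructed sample data.

```javascript
// Added example: a "page not found" handler that echoes the requested URL.
// All names here are hypothetical; the request path is constructed sample data.

// Encode the five characters that are significant in HTML text and attributes.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Decode the path the way a server would before using it; malformed
// percent-escapes fall back to the raw string instead of throwing.
function decodePath(rawPath) {
  try {
    return decodeURIComponent(rawPath);
  } catch (e) {
    return rawPath;
  }
}

// Vulnerable: the decoded URL is concatenated into the page as markup.
function notFoundPageUnsafe(rawPath) {
  return "<html><body><p>Not found: " + decodePath(rawPath) + "</p></body></html>";
}

// Hardened: the same URL is output-encoded, so it renders as inert text.
function notFoundPageSafe(rawPath) {
  return "<html><body><p>Not found: " + escapeHtml(decodePath(rawPath)) + "</p></body></html>";
}

// Constructed sample: the URL behind a "click here" link to a missing page.
const samplePath = "/no-such-page/%3Cscript%3Ealert(1)%3C%2Fscript%3E";

console.log(notFoundPageUnsafe(samplePath));
console.log(notFoundPageSafe(samplePath));
```

The first page contains a live script element taken from the URL; the second shows the same characters as text.
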
References in periodicals archive
The bug bounty program seeks to address crucial security flaws like Cross-Site Scripting (XSS), SQL Injection, Misuse/Unauthorized use of MobiKwik's APIs, Improper TLS protection and Leaking of sensitive customer data (especially anything in the scope of PCI).
NET controls avoid common issues related to Cross-Site Scripting.
Similarly a client side variable might get applied to both input validation and output encoding to prevent, let's say, cross-site scripting attack.
This YoY growth presents a growing interest in content management solutions in the region which can be attributed to the growing sophistication of Web-based threats such as anti-spam, cross-site scripting, and email-based fraud attempts.
22 -- Yesterday, Twitter faced a security exploit caused by cross-site scripting (XSS).
This appliance protects Web applications and services from malicious attacks, while increasing performance and scalability, including SQL injections, cross-site scripting attacks, session manipulation and buffer overflows.
The remaining two vulnerabilities, both rated "moderate" in Mozilla's four-step scoring system, were bugs that could be exploited in cross-site scripting attacks.
dotDefender delivers comprehensive protection against SQL injection, cross-site scripting and many other application-level attacks, and fulfills the challenging application layer firewall requirements of PCI Data Security Standard.
Delivered through a SaaS model, QualysGuard WAS delivers automated crawling and testing for custom Web applications to identify most common vulnerabilities such as those in the OWASP Top 10 and WASC Threat Classification, including SQL injection and cross-site scripting.
The upcoming release will feature a far more extensive set of security enhancements than previously expected, particularly in relation to blocking cross-site scripting attacks.
During the last six months of 2007, there were 11,253 site-specific cross-site scripting vulnerabilities reported on the Internet; these represent vulnerabilities in individual Web sites.
Case studies explain techniques for evaluating vulnerabilities to brute force browsing, buffer overruns, cookie tampering, cross-site scripting, denial of service, format strings, integer overflows, password and spoofing attacks, and SQL injection.