XSS

(CROSS-Site Scripting) Causing a user's Web browser to execute a malicious script. There are several ways this is done. One approach is to hide code in a "click here" hyperlink attached to a URL that points to a non-existent Web page. When the page is not found, the script is returned with the bogus URL, and the user's browser executes it.

An "XSS hole" is a vulnerability in an application that enables cross-site scripting to be exploited. See parameter tampering, buffer overflow and CSRF.
Copyright © 1981-2019 by The Computer Language Company Inc. All Rights reserved. THIS DEFINITION IS FOR PERSONAL USE ONLY. All other reproduction is strictly prohibited without permission from the publisher.
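
The not-found-page case described in the definition above, as an added example that is not part of the original entry: a 404 page that echoes the requested path, first unescaped (the "XSS hole") and then with HTML escaping. The function names and the sample path are constructed for illustration.

```python
import html
from urllib.parse import unquote

# Constructed sample: the path of a "bogus URL" pointing at a non-existent page.
SAMPLE_PATH = "/no-such-page/%3Cscript%3Ealert(1)%3C/script%3E"

PAGE = "<html><body><h1>Not Found</h1><p>{path} was not found.</p></body></html>"


def not_found_vulnerable(raw_path: str) -> str:
    """404 body that reflects the decoded path verbatim.

    Any markup in the path becomes part of the page, so the browser
    parses it as HTML and runs an embedded script.
    """
    return PAGE.format(path=unquote(raw_path))


def not_found_hardened(raw_path: str) -> str:
    """Same page, but the path is HTML-escaped before it is embedded.

    html.escape turns <, >, &, and quotes into entities, so the browser
    renders the path as text instead of interpreting it as markup.
    """
    return PAGE.format(path=html.escape(unquote(raw_path), quote=True))


def reflects_raw_markup(body: str, raw_path: str) -> bool:
    """Check a response: True if the decoded path contains markup
    characters and appears unescaped in the body."""
    decoded = unquote(raw_path)
    has_markup = any(ch in decoded for ch in "<>\"'")
    return has_markup and decoded in body


if __name__ == "__main__":
    for handler in (not_found_vulnerable, not_found_hardened):
        body = handler(SAMPLE_PATH)
        print(handler.__name__, "reflects raw markup:",
              reflects_raw_markup(body, SAMPLE_PATH))
```

The same check can be run against any handler that embeds request data in its response; escaping must match the output context, and `html.escape` covers HTML text and quoted attribute values only.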
References in periodicals archive
If IT admins have the right browser security options for monitoring add-ons, then they can easily avoid things like malicious extensions, cross-site scripting, and outdated browser vulnerabilities.
* Attackers go after web applications with cross-site scripting. Cross-site scripting accounted for 39.3 percent of the top ten exploits in Q3, primarily targeting web applications.
Malicious injection of the code within vulnerable web applications to trick users and redirect them to untrusted websites is called cross-site scripting (XSS).
The bug bounty program seeks to address crucial security flaws like Cross-Site Scripting (XSS), SQL Injection, Misuse/Unauthorized use of MobiKwik's APIs, Improper TLS protection and Leaking of sensitive customer data (especially anything in the scope of PCI).
Veracode's analytics show that 86 percent of PHP-based applications contain at least one Cross-Site Scripting (XSS) vulnerability and 56 percent have at least one SQL injection (SQLi) when initially assessed by Veracode.
The attacks of malicious HTML or JavaScript code are one of the most significant and pervasive threats to the web application security such as cross-site scripting (XSS) attacks, embedding malicious third-party JavaScript code, and vulnerable third-party browser extensions or plugins.
WAF is used to protect web applications against common attacks such as cross-site scripting and SQL injection.
JavaScript Injection [8], Excess Authorization [9], Cross-site scripting [10], Event sniffing and hijacking [8] belong to Web-based attacks, while Event simulation, KeyStroke Hijacking and Touch Jacking belong to UI-based attacks [11].
These kinds of vulnerabilities, such as XSS (Cross-Site Scripting) and SQL injection, allow hackers to directly access sensitive and personal information stored in the database.
In addition to protecting a site against cross-site scripting vulnerabilities and website vandalism, a good application firewall can thwart SQL injection attacks as well.
A recent Hewlett Packard study showed that over 70 percent of connected devices have serious vulnerabilities, including encryption, password, cross-site scripting, user access, and permission.