XSS



(Cross-Site Scripting) Causing a user's Web browser to execute a malicious script. There are several ways this is done. One approach is to hide code in a "click here" hyperlink attached to a URL that points to a non-existent Web page. When the page is not found, the script is returned with the bogus URL, and the user's browser executes it.

An "XSS hole" is a vulnerability in an application that enables cross-site scripting to be exploited. See parameter tampering and CSRF.
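
The "page not found" case described above, as an added example that is not part of the original entry: a handler that echoes the requested path into its error page, next to the same handler with HTML encoding applied. The function names and the sample path are constructed for illustration, and the path is assumed to be already URL-decoded by the server.

```javascript
// Added example: a "not found" page that reflects the requested path.
// All names and the sample input are hypothetical; no framework is assumed.

// Vulnerable form: the path is copied into the HTML response unchanged,
// so markup inside the URL becomes part of the page the browser parses.
function renderNotFoundVulnerable(requestPath) {
  return `<html><body><p>The page ${requestPath} was not found.</p></body></html>`;
}

// Encoder for HTML text and quoted-attribute contexts: the five characters
// that can change document structure are replaced by entities.
const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};
function encodeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hardened form: the same page, with the reflected value encoded on output.
function renderNotFoundEncoded(requestPath) {
  return `<html><body><p>The page ${encodeHtml(requestPath)} was not found.</p></body></html>`;
}

// Constructed sample: a path to a non-existent page carrying a script element.
const SAMPLE_PATH = "/no-such-page/<script>alert(1)</script>";

// Check a defender can run on a response body: did a script element survive?
function containsScriptElement(html) {
  return /<script\b/i.test(html);
}

function demo() {
  const results = {
    vulnerable: containsScriptElement(renderNotFoundVulnerable(SAMPLE_PATH)),
    encoded: containsScriptElement(renderNotFoundEncoded(SAMPLE_PATH)),
  };
  console.log("script element reaches the browser:", results);
  return results;
}

demo();
```

The encoder here covers HTML text and quoted attribute values only; values placed inside script blocks, URLs or CSS need the encoder for that context.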

References in periodicals archive
As with most XSS flaws, the use of a contextual HTML encoder would prevent this vulnerability.
Most XSS attacks can be classified as a break of document structure integrity according to the work by Nadji et al.
CRO Marsel Nizamutdinov said that about 90 percent of large and medium-size commercial and open-source CMSs prone to XSS and SQL injection attacks are vulnerable because they are not up-to-date or are incorrectly configured, the report added.
The ubiquitous XLs and XSs of retail clothing stores are based on an unnecessary conception of 'normality'
The company said XSS filters provide little defence against an attack and warned that people should be wary of clicking on links within emails until Yahoo fixes the vulnerability.
He said that he had been paid $500 for an XSS vulnerability that he found on Paypal's main domain, in addition to $500 for an information disclosure.
IBM found XSS vulnerabilities are half as likely to exist in customers' software as they were four years ago.
It can also scan for SQL Injection, XSS and other web vulnerabilities.
Since you are bound to be attacked, emphasis must be placed on easy management and operations, with protection against known vulnerabilities and common attack types, such as SQL Injection, XSS, and CSRF.
"In Google Chrome 4, we've added an experimental feature to help mitigate one form of XSS [cross-site scripting], reflective XSS," Barth said.
Along with escaping output, switching usage of innerHTML to direct DOM manipulation makes it more difficult for attackers to successfully pull off XSS.