XSS



(Cross-Site Scripting) Causing a user's Web browser to execute a malicious script. There are several ways this is done. One approach is to hide code in a "click here" hyperlink attached to a URL that points to a non-existent Web page. When the page is not found, the server returns the script along with the bogus URL in its error response, and the user's browser executes it.

An "XSS hole" is a vulnerability in an application that enables cross-site scripting to be exploited. See parameter tampering, buffer overflow and CSRF.
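The "page not found" case described above, as an added example that is not part of the original definition: an error page that copies the requested URL into its HTML, next to the same page with output encoding. The function names, the sample path and the header values are assumptions made for illustration.

```javascript
// Added example: a "page not found" response that echoes the requested path.
// All names and the sample path below are constructed for illustration.

// Encode the characters that are significant in HTML text and attributes.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable form: the path from the request is placed in the response as markup.
function notFoundUnsafe(requestedPath) {
  return `<h1>Not Found</h1><p>No page at ${requestedPath}</p>`;
}

// Hardened form: the same path is HTML-encoded at the point of output,
// so the browser renders it as text instead of parsing it as a tag.
function notFoundSafe(requestedPath) {
  return `<h1>Not Found</h1><p>No page at ${escapeHtml(requestedPath)}</p>`;
}

// Defence in depth: headers a server could send with the error page.
// A script-src without 'unsafe-inline' tells the browser to refuse inline script.
function notFoundHeaders() {
  return {
    'Content-Type': 'text/html; charset=utf-8',
    'Content-Security-Policy': "default-src 'self'; script-src 'self'",
    'X-Content-Type-Options': 'nosniff',
  };
}

// Simple review check: does a rendered page contain a live script tag?
function hasScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample: the path of a link to a page that does not exist,
// after the server has URL-decoded it.
const samplePath = decodeURIComponent('/no-such-page/%3Cscript%3Ealert(1)%3C%2Fscript%3E');

console.log('unsafe page has script tag:', hasScriptTag(notFoundUnsafe(samplePath)));
console.log('safe page has script tag:  ', hasScriptTag(notFoundSafe(samplePath)));
console.log(notFoundSafe(samplePath));
```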
Copyright © 1981-2019 by The Computer Language Company Inc. All Rights reserved. THIS DEFINITION IS FOR PERSONAL USE ONLY. All other reproduction is strictly prohibited without permission from the publisher.
References in periodicals archive
XSS breaches could lead to fraud and identity theft, regulatory fines, loss of goodwill, litigations, and loss of customers.
This feature calculates the occurrences of commonly used execution related sinks, that is, eval, setTimeout, setInterval, and new Function, since these JavaScript functions are infamous XSS attack vectors.
Detection results show that many scanners performed fairly well in detecting reflected XSS and first-order SQL injections, and a number of scanners found Path Traversal/Local File Inclusion.
Reflective XSS occurs when applications mix untrusted data provided in an HTTP request with HTTP response content that is rendered without proper encoding.
Moreover, if the site has XSS vulnerabilities, then the shared key is easy to steal.
Thus an efficient approach to mitigate XSS is demanded.
and custom-built websites and web applications for SQL Injection, XSS, XXE,
Researchers from Web security firm Sucuri have found a stored cross-site scripting (XSS) vulnerability that affects all Jetpack releases since 2012, starting with version 2.0.
* SQL injection attacks continue to evolve--have you heard about compounded, blind, or inference SQL injection attacks or how they are being used together with XSS and DNS hijacking?