XSS



(CROSS-Site Scripting) Causing a user's Web browser to execute a malicious script. There are several ways this is done. One approach is to hide code in a "click here" hyperlink whose URL points to a non-existent Web page. When the page is not found, the site returns the bogus URL, script included, in its error response, and the user's browser executes it.
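
The not-found scenario above, as an added example that is not part of the original entry: a 404 handler that echoes the requested path into its error page, next to a version that HTML-encodes it first. The function names and the sample path are constructed for illustration.

```javascript
// Added example. All names (escapeHtml, notFoundVulnerable, ...) are illustrative.

// Encode the characters that let text break out of HTML content or a quoted attribute.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Percent-decode the request path; a malformed escape is kept as received.
function decodePath(rawPath) {
  try { return decodeURIComponent(rawPath); } catch (e) { return rawPath; }
}

// Vulnerable: request data is mixed into the HTML response without encoding.
function notFoundVulnerable(rawPath) {
  const path = decodePath(rawPath);
  return {
    status: 404,
    headers: { 'Content-Type': 'text/html; charset=utf-8' },
    body: `<h1>Not Found</h1><p>The page ${path} does not exist.</p>`,
  };
}

// Hardened: same page, but the path is HTML-encoded before it is echoed,
// and a Content-Security-Policy without inline scripts acts as a second layer.
function notFoundHardened(rawPath) {
  const path = escapeHtml(decodePath(rawPath));
  return {
    status: 404,
    headers: {
      'Content-Type': 'text/html; charset=utf-8',
      'X-Content-Type-Options': 'nosniff',
      'Content-Security-Policy': "default-src 'self'; script-src 'self'",
    },
    body: `<h1>Not Found</h1><p>The page ${path} does not exist.</p>`,
  };
}

// Review check: does a response body contain a live script element?
function containsScriptTag(body) { return /<script\b/i.test(body); }

// Constructed sample: a link to a non-existent page with URL-encoded markup in it.
const samplePath = '/no-such-page/%3Cscript%3Ealert(1)%3C%2Fscript%3E';
console.log('vulnerable echoes markup:', containsScriptTag(notFoundVulnerable(samplePath).body));
console.log('hardened echoes markup:  ', containsScriptTag(notFoundHardened(samplePath).body));
console.log(notFoundHardened(samplePath).body);
```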

An "XSS hole" is a vulnerability in an application that enables cross-site scripting to be exploited. See parameter tampering, buffer overflow and CSRF.
References in periodicals archive
XSS breaches could lead to fraud and identity theft, regulatory fines, loss of goodwill, litigations, and loss of customers.
This feature calculates the occurrences of commonly used execution related sinks, that is, eval, setTimeout, setInterval, and new Function, since these JavaScript functions are infamous XSS attack vectors.
Detection results show that many scanners performed fairly well in detecting reflected XSS, and first-order SQL injections and a number of scanners found Path Traversal/Local File Inclusion.
Reflective XSS occurs when applications mix untrusted data provided in an HTTP request with HTTP response content that is rendered without proper encoding.
"Among the top five results (30 in total), we found nine tutorials that contain vulnerable code: six tutorials with SQLi, and three tutorials with XSS," warned the researchers.
Moreover, if the site has XSS vulnerabilities, then the shared key is easy to steal.
Thus an efficient approach to mitigate XSS is demanded.
On the other hand, for the detection of XSS worms in the client-side interface, PHP-Sensor uses only the recognition phase.
and custom-built websites and web applications for SQL Injection, XSS, XXE,
Nessus contains its own code to generate load on systems, such as SQLi, XSS and exploits; in this way it simulates an attack and shows where it found the weakness (Figure 11).
Researchers from Web security firm Sucuri have found a stored cross-site scripting (XSS) vulnerability that affects all Jetpack releases since 2012, starting with version 2.0.
* SQL injection attacks continue to evolve--have you heard about compounded, blind, or inference SQL injection attacks or how they are being used together with XSS and DNS hijacking?