Cross-Site scripting defined
Cross-site scripting, also known as XSS, is the most common vulnerability exploited in web applications today. The attacker's code is executed in the unsuspecting user's web browser by manipulating scripts such as JavaScript and HTML. A successful XSS exploit can result in scripts being embedded into a web page. These scripts are executed every time a user visits the page or whenever a specific action is performed. Here are some points to remember about XSS:
- XSS is a vulnerability that can be exploited by infecting applications.
- The victim is actually the user that unknowingly visits a page or performs an action that triggers the exploit.
- The exploit is most commonly triggered via JavaScript.
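The embedded-script case described above, shown next to an output-encoded version of the same page, as an added example that is not part of the original page. The guestbook scenario, the sample comments and all function names are assumptions made for illustration.

```javascript
// Constructed sample data: comments stored by a hypothetical guestbook page.
const storedComments = [
  { author: "alice", text: "Great article!" },
  { author: "mallory", text: '<script>alert("xss")</script>' },
  { author: "bob", text: 'Use a < b && c > d, said "Tom" & \'Ann\'' },
];

// Encode the five characters that let text break out of HTML element
// content or a quoted attribute value. Single pass, so no double-encoding.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: stored text is concatenated into markup as-is, so any tags in
// it become part of the page and run on every visit.
function renderUnsafe(comments) {
  return comments.map((c) => `<li><b>${c.author}</b>: ${c.text}</li>`).join("\n");
}

// Hardened: every stored value is encoded at output time, so the browser
// displays it as text instead of parsing it as markup.
function renderSafe(comments) {
  return comments
    .map((c) => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.text)}</li>`)
    .join("\n");
}

// Review helper: list tag names in the rendered output that the template
// itself never emits (the template only uses <li> and <b>).
function unexpectedTags(html, allowed = ["li", "b"]) {
  const found = new Set();
  for (const m of html.matchAll(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g)) {
    const name = m[1].toLowerCase();
    if (!allowed.includes(name)) found.add(name);
  }
  return [...found].sort();
}

console.log("unsafe output, unexpected tags:", unexpectedTags(renderUnsafe(storedComments)));
console.log("safe output, unexpected tags:  ", unexpectedTags(renderSafe(storedComments)));
```

The encoding shown covers HTML element content and quoted attribute values only; values placed inside script blocks, URLs or CSS need the encoding for that context.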
How Cross-Site Scripting affects companies
If an XSS attack is successful, it can cause problems for companies. Company accounts can be compromised, which usually leads to data and identity theft. Attackers can also use that access to inject worms and other viruses, which then spread throughout the company network. They can also gain access to other company applications and use them for malicious actions or for gain. Other actions an attacker can perform include accessing browser history and clipboard data, gaining remote control of the browser, and identifying additional cross-site scripting vulnerabilities. Scanning networked computers and applications also becomes easy to perform.
See Cross Site Scripting (XSS) Cheat Sheet, Attack Examples & Protection at Vulnerability Knowledge Base.