Cross-site scripting
Cross-site scripting (XSS) is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. Attackers may use a cross-site scripting vulnerability to bypass access controls such as the same-origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec up until 2007. The effects of XSS range from petty nuisance to significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site owner's network.
- Hypernym
- Vulnerability
- Is primary topic of
- Cross-site scripting
- Label
- en: Cross-site scripting
- Link from a Wikipage to an external page
- projects.webappsec.org/Cross-Site-Scripting
- lockmedown.com/preventing-xss-in-asp-net-made-easy/
- www.jsfuck.com/
- www.xssed.com/
- owasp.org/www-community/attacks/xss/
- bobssite.org/search?q=puppies
- www.owasp.org/index.php/Reviewing_Code_for_Cross-site_scripting
- www.owasp.org/index.php/Testing_for_Cross_site_scripting
- www.scriptalert1.com
- Link from a Wikipage to another Wikipage
- Access control
- ActiveX
- Adobe Flash
- AJAX
- Ajax (programming)
- Alice and Bob
- AngularJS
- ASCII
- Blue team (computer security)
- Browser security
- Buffer overflow
- Category:Hacking (computer security)
- Category:Injection exploits
- Category:Web security exploits
- Client-side
- Client-side script
- Code injection
- Computer network
- Computer worm
- Content Security Policy
- Cross-document messaging
- Cross-site request forgery
- Cross-zone scripting
- Cryptographic nonce
- Cure53
- Document Object Model
- Escape character
- Eval
- Firefox
- Frame (World Wide Web)
- Free and open source
- Gecko (layout engine)
- Google Chrome
- HTML
- HTML sanitization
- HTTP cookie
- HTTP header injection
- HTTP response splitting
- Information security
- Information security audit
- Internet Explorer
- Internet security
- Java (programming language)
- JavaScript
- JavaScript library
- JQuery
- List of XML and HTML character entity references
- Login
- Metasploit Project
- Microsoft
- Mobile IP
- MySpace
- Network address translation
- NortonLifeLock
- NoScript
- Obfuscation
- Opera (web browser)
- OWASP
- Parameter validation
- Payment card number
- Percent-encoding
- Phishing
- Safari (web browser)
- Same-origin policy
- Samy (computer worm)
- Self-XSS
- Server-side redirect
- Session hijacking
- Social engineering (security)
- SQL injection
- Static program analysis
- String (computer science)
- Trademark (computer security)
- VBScript
- Vulnerability (computer science)
- W3af
- Web 2.0
- Web API
- Web application
- Web application security
- Web application security scanner
- Web proxy
- Website
- Web template system
- XML external entity
- SameAs
- 3RvRD
- Cross site scripting
- Cross Site Scripting
- Cross-site scripting
- Cross-Site-Scripting
- Cross-site scripting (XSS) халдлага
- m.01j hm
- Murdskriptimine
- Q371199
- Saytlararası skript
- Siteler arası betik çalıştırma
- Starpvietņu skriptošana
- XSS
- Межсайтовый скриптинг
- Міжсайтовий скриптинг
- برمجة عابرة للمواقع
- تزریق اسکریپت از طریق وبگاه
- କ୍ରସ ସାଇଟ୍ ସ୍କ୍ରିପଟିଂ
- ക്രോസ് സൈറ്റ് സ്ക്രിപ്റ്റിംഗ്
- クロスサイトスクリプティング
- 跨網站指令碼
- 사이트 간 스크립팅
- Subject
- Category:Hacking (computer security)
- Category:Injection exploits
- Category:Web security exploits
- WasDerivedFrom
- Cross-site scripting?oldid=1123369002&ns=0
- WikiPageLength
- 47312
- Wikipage page ID
- 241154
- Wikipage revision ID
- 1123369002
- WikiPageUsesTemplate
- Template:Anchor
- Template:Cite web
- Template:Code
- Template:Information security
- Template:Manual
- Template:Quote box
- Template:Redirect
- Template:Reflist
- Template:Short description
- Template:Use mdy dates