Computers Security Internet Web Cross Site Scripting
Cross-site scripting (XSS) vulnerabilities allow client-side scripts (JavaScript or ActiveX) from a third party to execute as if they originated from a trusted server.

This vulnerability is caused by unfiltered, unchecked input written to a web page by the trusted server. A third party may direct a user to send data to the trusted server. If the server expects non-script data but does nothing to ensure that no script is contained, it may pass the script back to the user to execute.

As a result, a third party may be able to steal data such as the password of the user, read the user's private information, or act as the user.

The Cross Site Scripting FAQ
Answers questions on identification, threats, and prevention. Provides examples and links.
Apache: Cross Site Scripting Info
How the attack affects websites hosted on the Apache webserver and Apache specific issues.
Cross Site Scripting Vulnerabilities
Security consultant David deVitry offers background information, a free CSS vulnerability detector, and a list of vulnerable sites.
Preventing Cross-site Scripting Attacks
Paul Lindner, author of the mod_perl cookbook, explains how to secure our sites against Cross-Site Scripting attacks using mod_perl and Apache::TaintRequest. (February 20, 2002)
'Cross-site scripting' tears holes in Net security
USA Today article by Byron Acohido that details WhiteHat Security's assessment of Hotmail, Yahoo, Amazon, and America Online. (August 30, 2001)
CERT Advisory CA-2000-02: Malicious HTML Tags Embedded in Client Web Requests
Advisory published jointly by the CERT Coordination Center, DoD-CERT, the DoD Joint Task Force for Computer Network Defense (JTF-CND), the Federal Computer Incident Response Capability (FedCIRC), and the National Infrastructure Protection Center (NIPC). (February 02, 2000)
Last update: October 2, 2014 at 9:24:03 UTC