Cross-Site Scripting (CWE-79)
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007.
Documented from "Symantec Internet Security Threat Report: Trends for July–December 2007 (Executive Summary)" (PDF). XIII. Symantec Corp. April 2008: 1–3. Retrieved May 11, 2008 ("During the second half of 2007, 11,253 site-specific cross-site vulnerabilities were documented by XSSed, compared to 2,134 'traditional' vulnerabilities documented by Symantec"). via Wikipedia.
The non-persistent (or reflected) cross-site scripting vulnerability is by far the most basic type of web vulnerability.
Documented from Paco, Hope; Walther, Ben (2008). Web Security Testing Cookbook. via Wikipedia.
The persistent (or stored) XSS vulnerability is a more devastating variant of a cross-site scripting flaw: it occurs when the data provided by the attacker is saved by the server, and then permanently displayed on "normal" pages returned to other users in the course of regular browsing, without proper HTML escaping. A classic example of this is online message boards where users are allowed to post HTML-formatted messages for other users to read.
Documented from Web Application Security Consortium. via Wikipedia.
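The stored case described above, as an added example that is not part of the original page: a hypothetical message board renders the same constructed posts once by plain concatenation and once with output escaping, and an audit pass parses each result to list any markup the template did not intend. The post data, function names and template are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample posts for a hypothetical message board (not from the page).
POSTS = [
    {"author": "alice", "body": "Hello, board!"},
    {"author": 'mallory" onmouseover="x',
     "body": "<script>/* stored marker */</script>nice thread"},
]

def render_vulnerable(posts):
    """Stored data is concatenated into the page as-is (the flaw described above)."""
    return "".join(
        f'<div class="post" title="{p["author"]}">{p["body"]}</div>' for p in posts
    )

def render_escaped(posts):
    """Same template, but every stored value is HTML-escaped at output time."""
    return "".join(
        '<div class="post" title="{}">{}</div>'.format(
            html.escape(p["author"], quote=True),  # attribute context: quotes escaped too
            html.escape(p["body"]),                # element content: <, >, & escaped
        )
        for p in posts
    )

class MarkupAudit(HTMLParser):
    """Records the tags and attribute names actually parsed from the output."""
    def __init__(self):
        super().__init__()
        self.tags, self.attrs = [], set()

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attrs.update(name for name, _ in attrs)

def audit(page):
    """Return (unexpected tags, unexpected attributes) relative to the template."""
    parser = MarkupAudit()
    parser.feed(page)
    parser.close()
    bad_tags = sorted(set(parser.tags) - {"div"})
    bad_attrs = sorted(parser.attrs - {"class", "title"})
    return bad_tags, bad_attrs

if __name__ == "__main__":
    print("vulnerable:", audit(render_vulnerable(POSTS)))
    print("escaped:   ", audit(render_escaped(POSTS)))
```

The audit function can double as a regression check in a template test suite: any tag or attribute outside the template's own set means a stored value reached the page unescaped.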
Copyright 2019 Exploiter ID, All Rights Reserved.