Cross Site Scripting

XSS (Cross Site Scripting) is a type of vulnerability in interactive networked information systems (e.g., browsers) in which scripts that run on the client side are embedded in server-generated pages.

What sets this tactic apart is that, instead of attacking the server directly, the attacker uses the vulnerable server as a means to attack the user's computer. An attacker can use XSS to bypass access control measures, such as rules that restrict access by domain. Cross-site scripting accounted for approximately 80.5% of all vulnerabilities recorded by Symantec in 2007. The damage from attacks using XSS varies depending on the value of the information processed by the vulnerable site and on the security measures taken by the site owner.

Simply put, XSS (also known as CSS, which creates confusion with the term 'Cascading Style Sheets') is the most common vulnerability found in web applications. With XSS, an attacker can inject malicious code into a web page. XSS is possible because of the lack of validation of data entered by the user, or the lack of filtering. Inadequate handling of user input may lead to malicious code running in the user's browser.
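To make the "lack of filtering" point concrete, the added example below (not part of the original post) renders the same server-side template with and without output encoding and checks whether user input changed the page structure. The function names, the template and the sample inputs are assumptions constructed for illustration.

```javascript
"use strict";

// Characters that change meaning in HTML body text and quoted attribute values.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode untrusted text before placing it in an element body or quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unfiltered: user-supplied fields are concatenated straight into the page.
function renderUnfiltered(name, comment) {
  return `<div class="comment" title="${name}"><p>${comment}</p></div>`;
}

// Filtered: the same template, with every user-supplied field encoded on output.
function renderFiltered(name, comment) {
  return `<div class="comment" title="${escapeHtml(name)}"><p>${escapeHtml(comment)}</p></div>`;
}

// The template itself has two opening tags (div, p) and two attributes on the div.
// Anything beyond that means user input was interpreted as markup.
function structureIntact(html) {
  const tags = html.match(/<[a-zA-Z][^>]*>/g) || [];
  const attrs = (tags[0] || "").match(/\s[a-zA-Z-]+="[^"]*"/g) || [];
  return tags.length === 2 && attrs.length === 2;
}

// Constructed sample inputs: one benign, one adding an element, one adding an attribute.
const SAMPLES = [
  { name: "alice", comment: "Nice post, 2 < 3 & 3 > 2" },
  { name: "bob", comment: '<script>console.log("xss-test")</script>' },
  { name: '" onmouseover="console.log(1)', comment: "hello" },
];

// Return the indexes of samples whose input altered the page structure.
function audit(render) {
  return SAMPLES
    .map((s, i) => (structureIntact(render(s.name, s.comment)) ? -1 : i))
    .filter((i) => i >= 0);
}

console.log("unfiltered:", audit(renderUnfiltered));
console.log("filtered:  ", audit(renderFiltered));
```

The encoder covers only HTML body text and quoted attribute values; input placed inside a script block, a URL or a style rule needs encoding specific to that context.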