internet.com
You are in the: Small Business Computing Channelarrow View Sites +
Small Business Technology
» ECommerce-Guide | Small Business Computing | Webopedia | WinPlanet |  »Close
Webopedia.com
Enter a word for a definition... ...or choose a computer category.
 
 

menu
   Home
   Term of the Day
   New Terms
   Pronunciation
   New Links
   Quick Reference
   Did You Know?
   Search Tool
   Tech Support
   Webopedia Jobs
   About Us
   Link to Us
   Advertising
  

talk to us
   Submit a URL
   Suggest a Term
   Report an Error

internet.com
Developer
Downloads
International
Internet Lists
Internet News
Internet Resources
IT
Linux/Open Source
Personal Technology
Small Business
Windows Technology
xSP Resources
Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers
commerce
  Be a Commerce Partner
 
 
 
 
 
 
 
 
 
 
 
 
 
 

XSS
Last modified: Tuesday, December 09, 2003 

An abbreviation of cross-site scripting. XSS is a security breach that takes advantage of dynamically generated Web pages. In an XSS attack, a Web application is sent with a script that activates when it is read by an unsuspecting user’s browser or by an application that has not protected itself against cross-site scripting. Because dynamic Web sites rely on user input, a malicious user can input malicious script into the page by hiding it within legitimate requests. Common exploitations include search engine boxes, online forums and public-accessed blogs. Once XSS has been launched, the attacker can change user settings, hijack accounts, poison cookies with malicious code, expose SSL connections, access restricted sites and even launch false advertisements. The simplest way to avoid XSS is to add code to a Web application that causes the dynamic input to ignore certain command tags.

Scripting tags that take advantage of XSS include <SCRIPT>, <OBJECT>, <APPLET>, <EMBED> and <FORM>. Common languages used for XSS include JavaScript, VBScript, HTML, Perl, C++, ActiveX and Flash.

Cross-site scripting also is referred to as malicious tagging and sometimes abbreviated as CSS, though CSS is more commonly used as an abbreviation for cascading style sheets.

E-mail this definition to a colleague


For internet.com pages about XSS . Also check out the following links!

Related Links

Cross-Site Scripting 
This article from IBM was written to raise the awareness of the CSS threat and to present a solution implementation for Web applications to avoid this kind of attack. Uses sample attack scenarios.

Cross-Site Scripting: Are You Web Applications Vulnerable?
The purpose of this paper is to educate both application developers and end users on the techniques that can be used to exploit Web applications using XSS. (pdf)

The Anatomy of Cross-Site Scripting
This paper explores the possibilities of an XSS attack using scripts other than HTML. (pdf)

XSS FAQ
From Cgisecurity.com.

related categories

Internet

Security

related terms

application

dynamic URL

hacker

script


webopedia
Give Us Your
Feedback


Car Speakers and Subwoofers
XSS Products


Shop by Top Models:
Sony XS-S160CX Coaxial Car Speaker
6 store offers from $44 - $129

Sony XS-S690CX Coaxial Car Speaker
7 store offers from $48 - $129

Sony Xplod XS-S680CX Coaxial Car Speaker
3 store offers from $50 - $97



JupiterWeb networks:

internet.comearthweb.comDevx.com graphics.com

Search JupiterWeb:

Jupitermedia Corporation has three divisions:
Jupiterimages, JupiterWeb and JupiterResearch


Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Jupitermedia Corporate Info | Newsletters | Tech Jobs | Shopping | E-mail Offers