Definitions

A cross-site scripting (XSS) attack is

[a]n attack that uses third-party web resources to run script within the victim's web browser or scriptable application. This occurs when a browser visits a malicious website or clicks a malicious link. The most dangerous consequences occur when this method is used to exploit additional vulnerabilities that may permit an attacker to steal cookies (data exchanged between a web server and a browser), log key strokes, capture screen shots, discover and collect network information, and remotely access and control the victim's machine.[1]
a type of computer security vulnerability that uses malicious script imbedded in an otherwise benign and trusted web application to gather user data. When the script is executed (e.g., when a user clicks on a compromised link in an email message or reads an infected forum post), sensitive user data can be accessed by the attacker.[2]

References

  1. Critical Infrastructure Protection: Cybersecurity Guidance Is Available, but More Can Be Done to Promote Its Use, at 4.
  2. Privacy Technical Assistance Center, Cross-site scripting (full-text).
