XSS (Cross Site Scripting)

Posted on 2010-01-05
Last Modified: 2012-05-08
Is XSS only a vulnerability in web apps where a legitimate user has to enter login credentials to access areas of the application, or can it be evident in applications where the user does not require login details and can access any area of the application without any authentication / access control?
Question by: pma111
    LVL 51

    Accepted Solution

    XSS has nothing to do with credentials/authentication/access control
    but can be used to steal credentials and bypass access controls
    XSS is always a vulnerability in the web application and/or the data the web application delivers to the browser (in case of persistent XSS).
    LVL 18

    Assisted Solution

    Simply said: an XSS vulnerability allows for malicious client side script execution. What this script does in the context of that web application is only limited by the attacker's imagination.
    The main sources for XSS vulnerabilities are improper input and output sanitization, so the attacker can inject his code.
    This can be in stored content, injected in fields, URL parameters, ...

    kr, J.
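
The point made in the answers above, as an added example that is not part of the original thread: a public search page with no login at all still reflects a URL parameter and stored comments into its markup, and encoding at output is what closes the hole. All function names, the `/search?q=` route and the sample values are assumptions constructed for illustration.

```javascript
// Added example: a public page with no login, session or access control.
// All names and sample values below are constructed for illustration.

// Encode the five characters that are significant in HTML text and
// quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the URL parameter (reflected) and the stored comments
// (persistent) are concatenated into the markup unchanged.
function renderUnsafe(query, comments) {
  const items = comments.map((c) => `<li>${c}</li>`).join('');
  return `<h1>Results for ${query}</h1><input name="q" value="${query}"><ul>${items}</ul>`;
}

// Hardened: every untrusted value is encoded at the point of output.
function renderSafe(query, comments) {
  const items = comments.map((c) => `<li>${escapeHtml(c)}</li>`).join('');
  const encoded = escapeHtml(query);
  return `<h1>Results for ${encoded}</h1><input name="q" value="${encoded}"><ul>${items}</ul>`;
}

// Extract the q parameter the way an anonymous visitor's request would carry it.
function queryFromUrl(url) {
  return new URL(url, 'http://example.invalid').searchParams.get('q') || '';
}

// Constructed inputs: a harmless alert() probe in the URL and in stored content.
const sampleUrl = '/search?q=' + encodeURIComponent('"><script>alert(1)</script>');
const storedComments = ['nice article', '<img src=x onerror=alert(2)>'];

const sampleQuery = queryFromUrl(sampleUrl);
console.log('unsafe:', renderUnsafe(sampleQuery, storedComments));
console.log('safe:  ', renderSafe(sampleQuery, storedComments));
```

The unsafe output contains live `<script>` and `<img onerror>` markup; the safe output shows the same text as inert entities, with no authentication involved in either case.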
