
  • Status: Solved
  • Priority: Medium
  • Security: Public

XSS (Cross Site Scripting)

Is XSS only a vulnerability in web apps where a legitimate user has to enter login credentials to access areas of the application, or can it be evident in applications where the user does not require login details and can access any area of the application without any authentication / access control?
2 Solutions
XSS has nothing to do with credentials/authentication/access control
but can be used to steal credentials and bypass access controls
XSS is always a vulnerability in the web application and/or the data the web application delivers to the browser (in case of persistent XSS).
Simply said: an XSS vulnerability allows for malicious client side script execution. What this script does in the context of that web application is only limited by the attacker's imagination.
The main sources for XSS vulnerabilities are improper input and output sanitization, so the attacker can inject his code.
This can be in stored content, injected in fields, URL parameters, ...

kr, J.
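
An added example, not part of the original answers: a public search page with no login or access control, rendered once with the URL parameter concatenated into the markup and once with it encoded at output time. The function names and the sample query strings are constructed for illustration.

```javascript
// Encode the characters that are significant in HTML text and in quoted
// attribute values, so user data is displayed as text, never parsed as markup.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the "q" URL parameter goes into the page unchanged.
// No session or credential is involved anywhere on this page.
function renderSearchUnsafe(queryString) {
  const q = new URLSearchParams(queryString).get('q') || '';
  return `<h1>Results for ${q}</h1><input name="q" value="${q}">`;
}

// Hardened: same template, value encoded when it is written to the page.
function renderSearchSafe(queryString) {
  const q = escapeHtml(new URLSearchParams(queryString).get('q') || '');
  return `<h1>Results for ${q}</h1><input name="q" value="${q}">`;
}

// Count opening tags in the rendered page. The template itself has exactly
// two (<h1> and <input>); any more means request data was parsed as markup.
function openTagCount(html) {
  return (html.match(/<[a-z][^>]*>/gi) || []).length;
}

// Constructed sample requests: element injection and attribute breakout.
const SAMPLES = ['q=<script>alert(1)</script>', 'q="><b>bold</b>'];

function compare() {
  return SAMPLES.map((s) => ({
    request: s,
    unsafeTags: openTagCount(renderSearchUnsafe(s)),
    safeTags: openTagCount(renderSearchSafe(s)),
  }));
}

console.log(compare());
```
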
