what is cross site scripting

Could you explain me with simple words what exactly is cross site scripting.
I read the definition in wikipedia, but I was not able to understand it.
dedriAsked:
Who is Participating?
 
ahoffmannCommented:
a bit theoretically:
  XSS is an attack which compromises the trust of a user (browser) in the data supplied by the server

more practical:
  XSS vulnerabilities allow an attacker to craft requests (links, URLs) which return content from a web page which is not intendend by the web page and the user cannot identify the difference

note that XSS is used seemingly for threat and/or vulnerability and/or attack descriptions
0
 
bigeven2002Commented:
Cross Site Scripting (XSS) is the process of injecting content from another site or script into an existing site by adding it to the URL in the address bar.

examples:


www.example.com/file.html?var=http://www.badsite.com/badpage.html
www.example.com/file.html?var=<script>document.write("Hello World!");</script>

Open in new window


This site breaks it down further:

http://infosecisland.com/blogview/11402-Cross-Site-Scripting-XSS-Some-Examples.html
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.