Solved

what is cross site scripting

Posted on 2012-03-23
2
464 Views
Last Modified: 2013-11-19
Could you explain me with simple words what exactly is cross site scripting.
I read the definition in wikipedia, but I was not able to understand it.
0
Comment
Question by:dedri
2 Comments
 
LVL 17

Assisted Solution

by:bigeven2002
bigeven2002 earned 250 total points
ID: 37758234
Cross Site Scripting (XSS) is the process of injecting content from another site or script into an existing site by adding it to the URL in the address bar.

examples:


www.example.com/file.html?var=http://www.badsite.com/badpage.html
www.example.com/file.html?var=<script>document.write("Hello World!");</script>

Open in new window


This site breaks it down further:

http://infosecisland.com/blogview/11402-Cross-Site-Scripting-XSS-Some-Examples.html
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 250 total points
ID: 37780420
a bit theoretically:
  XSS is an attack which compromises the trust of a user (browser) in the data supplied by the server

more practical:
  XSS vulnerabilities allow an attacker to craft requests (links, URLs) which return content from a web page which is not intendend by the web page and the user cannot identify the difference

note that XSS is used seemingly for threat and/or vulnerability and/or attack descriptions
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Any business that wants to seriously grow needs to keep the needs and desires of an international audience of their websites in mind. Making a website friendly to international users isn’t prohibitively expensive and can provide an incredible return…
The viewer will learn how to dynamically set the form action using jQuery.
Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now