XSS – What Is Cross-Site Scripting?

Commonly known as Cross-Site Scripting, XSS is one of the most eminent application-based web attacks. Cross-Site Scripting vulnerabilities mainly target data that is stored in a page or pages that are executed on the client’s side, that is, in the user’s browser instead of the server-side. XSS/ Cross-Site Scripting in itself is a cyber-threat that is brought about mainly by weaknesses in the security of client-side scripting languages, like as HTML, PHP and JavaScript.


The concept of Cross-Site Scripting is to interfere with the client-side scripts of a given web application in order to execute the application in a manner desired by the malicious user. This intrusion can embed a script in a web application that can be run whenever the browser is loaded, or any time an associated event is performed.

XSS is a very common security vulnerability in web page. This should not be the case as XSS is easy to find and easy to fix. XSS vulnerabilities can have consequences such as tampering and sensitive data theft.

How XSS Works

A Cross-Site Scripting breach arises when web-based applications takes some data from a surfing client and dynamically integrates it in web pages without necessarily validating the data. XSS vulnerabilities allow the hacker to execute an arbitrary command and consequently display some content in the client’s browser. A successful XSS attack leads to an attacker controlling the victim’s browser or account on the vulnerable web application. Even though Cross-Site Scripting is often enabled by vulnerable pages in a web application, the sufferers of an XSS attacks are the application’s users, not the actual application. The vulnerability of Cross-Site Scripting lies in the fact that the attacker’s code executes within the context of the victim’s session, thereby allowing the attacker to bypass nearly all the normal security restrictions.

The Reflective XSS
There are numerous mechanisms in which an attacker can possibly duce the victim into the implanted reflective XSS request. For instance, the cyber bully could send the client some misleading email with a link that contains the encrypted JavaScript. If the victim clicks on the link, the hypertext protocol application is initiated by the browser and sent to the vulnerable web application. This malicious JavaScript is then reflected back to the client’s browser, where it is run in the context of the victim user’s session.

If the cyber bully succeeds in taking advantage XSS vulnerabilities, he/she can easily gain access to the account credentials. They may also use the opportunity to spread some viruses, view the browser’s history and consequently control the browser from their side. Furthermore, they could scrutinize and use other intranet applications illegally.

Similar Posts:

Facebook Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>