XSS - Cross Site Scripting

XSS is a computer security vulnerability normally found in web applications that allows attackers to inject client-side scripts into benign and trusted websites. A cross-site scripting vulnerability could be used by an attacker to bypass access controls such as the same-origin policy. Rather than targeting the application directly, XSS puts its users at risk: user accounts can be compromised, Trojan horse programs activated, and page content modified, misleading users into willingly surrendering private data. Session cookies can also be exposed, letting perpetrators impersonate valid users and abuse their private accounts.

There are two types of XSS. The first is stored/persistent XSS, the more damaging type, which occurs when a malicious script is injected directly into a vulnerable web application. The second is reflected XSS, which involves reflecting a malicious script off a web application onto a user's browser. In this attack, the script is embedded into a link and is only activated once that link is clicked.

Websites that allow users to share content, including blogs, social networks, video sharing platforms and message boards, are frequent targets for XSS attacks. Every time the infected page is viewed, the malicious script is transmitted to the victim's browser.

Related Terms: SQLi - SQL Injection; OWASP - Open Web Application Security Project
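The stored and reflected types described above, shown side by side with and without output encoding. This is an added example, not part of the original dictionary entry; the function names, the shop.example URL and the sample input are constructed for illustration, and HTML output encoding is one common mitigation that the entry itself does not discuss.

```javascript
// Constructed sample input: a harmless marker script standing in for injected content.
const SAMPLE = '<script>alert(1)</script>';

// Encode the characters that let text break out of HTML element or attribute context.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Reflected path: a value carried in the clicked link is echoed into the response.
function renderSearch(url, encode) {
  const q = new URL(url).searchParams.get('q') ?? '';
  return `<p>Results for: ${encode ? escapeHtml(q) : q}</p>`;
}

// Stored path: content saved once is sent to every visitor who views the page.
function renderComments(store, encode) {
  return store.map((c) => `<li>${encode ? escapeHtml(c) : c}</li>`).join('');
}

// True if the rendered HTML would contain a live script element.
function hasScriptTag(html) {
  return /<script\b/i.test(html);
}

// Render both paths raw and encoded, and report which outputs carry a live script.
function demo() {
  const link = 'https://shop.example/search?q=' + encodeURIComponent(SAMPLE);
  const store = ['Nice post!', SAMPLE]; // stands in for the application's database
  return {
    reflectedRaw: hasScriptTag(renderSearch(link, false)),
    reflectedEncoded: hasScriptTag(renderSearch(link, true)),
    storedRaw: hasScriptTag(renderComments(store, false)),
    storedEncoded: hasScriptTag(renderComments(store, true)),
  };
}

console.log(demo());
```

In both paths the untrusted value reaches the browser either way; encoding at output time is what makes the browser treat it as text instead of markup.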