Skip to main content
XSS - Cross Site Scripting

XSS - Cross Site Scripting


XSS - Cross Site Scripting

XSS is a computer security vulnerability normally found in web applications that allows attackers to inject client-side scripts into benign and trusted websites.

A cross-site scripting vulnerability could be used by an attacker to bypass access controls such as the same-origin policy. Instead of directly targeting the application, it puts users at risk since user accounts can be compromised, Trojan horse programs activated, and page content modified, misleading users into willingly surrendering private data. Session cookies can also be exposed, letting perpetrators impersonate valid users and abuse their private accounts.

There are two types of XSS. The first is stored/persistent XSS, the more damaging type, which occurs when a malicious script is injected directly into a vulnerable web application. The second is reflected XSS which involves the reflecting of malicious script off of a web application, onto a user’s browser. In this attack, the script is embedded into a link, and is only activated once that link is clicked on.

Websites that allow users to share content, including blogs, social networks, video sharing platforms and message boards are frequent targets for XSS attacks. Every time the infected page is viewed, the malicious script is transmitted to the victim’s browser.

Seeking Clarity?

View the Cybersecurity Dictionary for top terms searched by your peers.

Explore the Dictionary

Related Assets

December 17, 2015

Bypassing CSRF Tokens via XSS

Many web development platforms provide libraries that handle the creation and validation of tokens with each HTTP request to prevent Cross Site Reques...

See Details

April 26, 2018

Thoughts on Breach of Trust vs. a Breach of Security

General thought: A breach of trust is different than a breach of security. Trust and security, while related, are very different from each other. In r...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cybersecurity Events in your area.