- Cross Site Scripting
In an XSS attack, the attacker’s goal is to inject a malicious script into the user’s browser and have the browser execute it. Web applications are vulnerable to XSS when they do not validate user input and/or do not encode or sanitize data before rendering it in the browser. Don’t confuse Cross Site Scripting with Cross Site Request Forgery (CSRF).
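The missing validation and missing encoding described above, as an added example (not code from the original page): a search page that echoes its query, rendered first without and then with input validation plus HTML output encoding. The function names, the 100-character limit and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example; function names and the validation policy are assumptions.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that can change meaning in HTML text and in
// quoted attribute values. One pass, so entities are never double-encoded.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: user input is concatenated into the markup unchanged, so the
// browser parses whatever tags or attributes the input contains.
function renderUnsafe(query) {
  return `<p>Results for: ${query}</p><input name="q" value="${query}">`;
}

// Validation: reject input that cannot be a legitimate search term
// (constructed policy: a string of 1 to 100 characters, no control characters).
function validateQuery(query) {
  if (typeof query !== 'string') return null;
  const trimmed = query.trim();
  if (trimmed.length === 0 || trimmed.length > 100) return null;
  if (/[\u0000-\u001f\u007f]/.test(trimmed)) return null;
  return trimmed;
}

// Hardened: validate first, then encode at the point of output. Validation
// alone is not enough, because "<" and quotes are valid in a search term.
function renderSafe(query) {
  const valid = validateQuery(query);
  if (valid === null) return '<p>Invalid search term.</p>';
  const safe = escapeHtml(valid);
  return `<p>Results for: ${safe}</p><input name="q" value="${safe}">`;
}

// Constructed sample inputs: plain text, a tag, and an attribute breakout.
const SAMPLES = ['tom & jerry', '<script>alert(1)</script>', '" onfocus="alert(1)'];
for (const sample of SAMPLES) {
  console.log('input  :', sample);
  console.log('unsafe :', renderUnsafe(sample));
  console.log('safe   :', renderSafe(sample));
}
```

In the hardened output the sample inputs appear as visible text in the page instead of being parsed as markup.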
A successful XSS attack could be devastating. Examples of the damage include exposing the victim’s sensitive data, displaying inappropriate or unintended content, transferring money without the user’s consent, and impersonating the user.
XSS is listed among the top ten most critical application security risks for 2017.
XSS attacks are grouped into types according to how the malicious script arrives at the user’s browser: stored XSS attacks, reflected XSS attacks, and server vs. client XSS attacks.