
Glossary of Security Terms: Cross-Site Scripting


by Mozilla Contributors (@mozilla)

Mozilla (stylized as moz://a) is a free software community founded in 1998 by members of Netscape.

Cross-site scripting (XSS) is a security exploit that allows an attacker to inject malicious client-side code into a website. This code is executed in the victims' browsers and lets the attacker bypass access controls and impersonate users. According to the Open Web Application Security Project (OWASP), XSS was the seventh most common web app vulnerability in 2017.

These attacks succeed if the web app does not employ enough validation or encoding. The user's browser cannot detect that the malicious script is untrustworthy, so it gives the script access to any cookies, session tokens, or other sensitive site-specific information, or lets the script rewrite the HTML content.
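The missing encoding described above, shown as an added example that is not part of the original glossary entry: the same comment template rendered with and without output encoding. The function names (`encodeHtml`, `renderCommentUnsafe`, `renderCommentSafe`, `structure`) and the sample inputs are constructed for illustration, and `structure` is a simplified stand-in for how a browser would parse the markup.

```javascript
// Added example: function names and sample inputs are constructed for illustration.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };

// Output-encode a value for HTML text and quoted-attribute contexts.
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: untrusted values are concatenated into markup as-is.
function renderCommentUnsafe(author, text) {
  return `<div class="comment" title="${author}">${text}</div>`;
}

// Hardened: every untrusted value is encoded at the point of output.
function renderCommentSafe(author, text) {
  return `<div class="comment" title="${encodeHtml(author)}">${encodeHtml(text)}</div>`;
}

// Simplified stand-in for a browser parser: lists each start tag with its
// attribute names, so injected elements or attributes become visible.
function structure(html) {
  const tagRe = /<([a-zA-Z][a-zA-Z0-9]*)((?:\s+[a-zA-Z-]+="[^"]*")*)\s*>/g;
  return [...html.matchAll(tagRe)].map((m) => {
    const attrs = [...m[2].matchAll(/\s+([a-zA-Z-]+)="[^"]*"/g)].map((a) => a[1]);
    return `${m[1].toLowerCase()}[${attrs.join(",")}]`;
  });
}

// Constructed inputs: one targets element content, one the title attribute.
const samples = [
  { author: "guest", text: "<script>alert(1)</script>" },
  { author: 'x" onmouseover="alert(1)', text: "hi" },
];

for (const { author, text } of samples) {
  console.log("unsafe:", structure(renderCommentUnsafe(author, text)).join(" "));
  console.log("safe:  ", structure(renderCommentSafe(author, text)).join(" "));
}
```

This encoding covers HTML text and quoted attribute values only; values placed inside scripts, URLs, or style contexts need the encoding that matches that context.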
