Cross-Site Scripting (XSS)
XSS is the most common website vulnerability which can hack and leak sensitive information such as credit card and social security numbers. It is a code which enables the hacker to send malicious content to the end-user and collect data from the victim without any detection. According to Symantec, 84% of their documented vulnerabilities in 2007 were classified as XSS.
This type of scripting exploits the same origin policy.†For example, if Website A has the permission to access information on the system then any content that is linked to Website A will also have the same permissions. If an attacker find a way to infect the code of Website A, any information that Website A has access to (i.e. all the saved information in the browser of the user, ranging from saved passwords to cookies), the attacker will be able to download it onto his system as well.
In the past, websites like Twitter, Orkut, Facebook, YouTube, and MySpace have been affected by XSS scripting. This script can also be used to steal hidden personal data of users from servers of the compromised website.
It is recommended to have regular scanning of websites in order to make sure that you are not being attacked and that your users' security is not compromised.
XSS is the most common website vulnerability which can hack and leak sensitive information such as credit card and social security numbers. It is a code which enables the hacker to send malicious content to the end-user and collect data from the victim without any detection. According to Symantec, 84% of their documented vulnerabilities in 2007 were classified as XSS.
This type of scripting exploits the same origin policy.†For example, if Website A has the permission to access information on the system then any content that is linked to Website A will also have the same permissions. If an attacker find a way to infect the code of Website A, any information that Website A has access to (i.e. all the saved information in the browser of the user, ranging from saved passwords to cookies), the attacker will be able to download it onto his system as well.
In the past, websites like Twitter, Orkut, Facebook, YouTube, and MySpace have been affected by XSS scripting. This script can also be used to steal hidden personal data of users from servers of the compromised website.
It is recommended to have regular scanning of websites in order to make sure that you are not being attacked and that your users' security is not compromised.
Last edited: