Cross site scripting

From Citizendium
Revision as of 17:43, 2 August 2010 by imported>Justin C. Klein Keane (initial stub)

Cross site scripting (XSS) is a programming flaw that allows attackers to inject arbitrary script into a web site. There are two main types of cross site scripting: stored and reflected. DOM-based cross site scripting is a third type.

Stored Cross Site Scripting

In stored cross site scripting, an attacker injects a script into a web application, where it persists and is served to other requesters of a web page. A typical example of stored XSS occurs when a malicious script is stored in a database that is used to compose page content for site visitors. As a result, every visitor who requests a page composed from that database data receives the malicious script.

Reflected Cross Site Scripting

Reflected cross site scripting is a vulnerability that results when malicious scripts in request parameters are used to compose page responses in web applications. Reflected XSS does not persist, but it is still useful to attackers, who can obfuscate the parameters and perform trust exploitation attacks.
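
The stored and reflected cases described above, shown as an added example that is not part of the original article: each page-composing function appears once in its vulnerable form and once with HTML output encoding applied. All function names, the sample rows and the marker string are constructed for illustration, and the encoding shown covers HTML element content and quoted attribute values only.

```javascript
// HTML-encode the five characters that can change parsing context in
// element content and quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Reflected case: a request parameter is used to compose the response.
function searchPageVulnerable(query) {
  return `<p>Results for: ${query.q}</p>`;
}
function searchPageEncoded(query) {
  return `<p>Results for: ${escapeHtml(query.q)}</p>`;
}

// Stored case: rows persisted earlier are used to compose every visitor's page.
function commentsPageVulnerable(rows) {
  return '<ul>' + rows.map((r) => `<li>${r.body}</li>`).join('') + '</ul>';
}
function commentsPageEncoded(rows) {
  return '<ul>' + rows.map((r) => `<li>${escapeHtml(r.body)}</li>`).join('') + '</ul>';
}

// Constructed sample input: a harmless marker script stands in for injected content.
const MARKER = '<script>console.log("xss-marker")</script>';
const sampleQuery = { q: MARKER };                            // arrives with one request
const sampleRows = [{ body: 'nice post' }, { body: MARKER }]; // read back from storage

// True when the composed page contains a live <script> element.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Compose all four pages and report which ones would run the marker.
function demo() {
  return {
    reflectedVulnerable: containsScriptTag(searchPageVulnerable(sampleQuery)),
    reflectedEncoded: containsScriptTag(searchPageEncoded(sampleQuery)),
    storedVulnerable: containsScriptTag(commentsPageVulnerable(sampleRows)),
    storedEncoded: containsScriptTag(commentsPageEncoded(sampleRows)),
  };
}
console.log(demo());
```

The encoded variants still display the submitted text to the visitor, but the browser treats it as characters rather than markup.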