Redirected from Cross Site Scripting
A classic example of cross site scripting is to supply parameters to a CGI script on a web site which cause the web site to emit bogus data. For example, the use of HTML client-side scripting language fragments in a web page parameter may insert this information into the rendered page, resulting in targeted web browsers executing the code.
This may be done by entering data into a web form on the site, for example as part of a bulletin board feature, or by publically posting a URL which users are likely to click on, for example in E-mails or Usenet.
The name "cross site" derives from the way the attack is directed "across" the web-site, from the attacking data source to the attacked browser.
Note: Cross site scripting is also sometimes abbreviated "CSS", but is nothing to do with the cascading style sheet technology that is more commonly called CSS.
Search Encyclopedia
|
Featured Article
|