Encyclopedia > XSS

  Article Content

Cross site scripting

Redirected from XSS

Cross site scripting (XSS) is a type of computer security exploit where information from one context, where is is not trusted, can be inserted into another context, where it is. From the trusted context, an attack can be launched.

A classic example of cross site scripting is to supply parameters to a CGI script on a web site which cause the web site to emit bogus data. For example, the use of HTML client-side scripting language fragments in a web page parameter may insert this information into the rendered page, resulting in targeted web browsers executing the code.

This may be done by entering data into a web form on the site, for example as part of a bulletin board feature, or by publically posting a URL which users are likely to click on, for example in E-mails or Usenet.

The name "cross site" derives from the way the attack is directed "across" the web-site, from the attacking data source to the attacked browser.

Note: Cross site scripting is also sometimes abbreviated "CSS", but is nothing to do with the cascading style sheet technology that is more commonly called CSS.

External links



All Wikipedia text is available under the terms of the GNU Free Documentation License

 
  Search Encyclopedia

Search over one million articles, find something about almost anything!
 
 
  
  Featured Article
Monty Woolley

... Woolley was a professor and lecturer at Yale University (one of his students was Thornton Wilder) who began acting on Broadway in 1936. He was typecast as the ...

 
 
 
This page was created in 62.9 ms