Tech moves fast! Stay ahead of the curve with Techopedia!
Join nearly 200,000 subscribers who receive actionable tech insights from Techopedia.
An XSS hole is a Web application that renders dynamic content to users with a computer security vulnerability. This application is cross-site scripting (XSS), and it enables an attacker to exploit a user's confidential data without passing an access control mechanism such as a same-origin policy. This defect is more appropriately known as an XSS hole.
For example, the user may come across a hyperlink in a Web application pointing to some malicious content. The user may click the link and be led to another page containing some advertisement or email bulletin. This page gathers user information in the form of a password. It also generates a malicious output page that indicates some fake response tailored to appear as genuine to the user. Either the data entered by the user can be misused or the user's session can be hijacked by cookie theft. Based on the sensitivity of the data collected, cross-site scripting can range from a mere vulnerability to a serious security loophole. After exploitation of the XSS vulnerability, the attacker may bypass the organization's access control policies.
The concept of cross-site scripting is based on the same original policy. Same original policies state that a Web browser using JavaScript can access different properties and methods belonging to the same site without any restrictions. Malicious attackers can exploit the concept of the same original policy by injecting malicious code into a website using JavaScript. When the Web pages are viewed by users, attackers may gather some useful user information such as a username or password.
As per statistics gathered by Symantec in 2007, cross-site scripting accounts for 80 percent of all the security attacks executed using computers. There are three types of cross-site scripting:
Join nearly 200,000 subscribers who receive actionable tech insights from Techopedia.