Not to be confused with XML Stylesheets (same acronym), cross-site scripting, also known as XSS, is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It works by manipulating a vulnerable web site so that it returns malicious JavaScript to users. When the malicious code executes inside a victim's browser, the attacker can fully compromise their interaction with the application.
Cross-site scripting vulnerabilities normally allow an attacker to masquerade as a user, carry out any actions that the user can perform, and access any of the user's data. If the user has privileged access within the application, then the attacker might be able to gain full control of all the application's functionality and data.
Watch this Radware Minute episode with Radware’s Uri Dorot to learn what Cross-Site Scripting (XSS) is, what the common XSS-based cyber attacks are, and how they can damage your applications and put your database at risk.
There are three main types of XSS attacks:

- Reflected XSS - where the malicious script comes from the current HTTP request.
- Stored XSS - where the malicious script comes from the website's database.
- DOM-based XSS - where the vulnerability exists in client-side code rather than server-side code.