Cross-Site Scripting (XSS)


Cross-site scripting, also known as XSS (not to be confused with XML Stylesheets, which share the acronym), is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It works by manipulating a vulnerable website so that it returns malicious JavaScript to users. When the malicious code executes inside a victim's browser, the attacker can fully compromise their interaction with the application.

Cross-site scripting vulnerabilities normally allow an attacker to masquerade as a user, carry out any actions that the user can perform, and access any of the user's data. If the user has privileged access within the application, then the attacker might be able to gain full control of all the application's functionality and data.

Watch this Radware Minute episode with Radware’s Uri Dorot to learn what Cross-Site Scripting (XSS) is, what the common XSS-based cyber attacks are, and how they can damage your applications and put your database at risk.

There are three main types of XSS attacks. These are:

Reflected XSS - where the malicious script comes from the current HTTP request.
Stored XSS - where the malicious script comes from the website's database.
DOM-based XSS - where the vulnerability exists in client-side code rather than server-side code.
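The difference between the reflected and stored types is where the untrusted value enters the page. The JavaScript (Node.js) below is an added example, not code from the original page: it shows each source rendered unencoded and then with output encoding. The function names, the `/search` route, the `q` parameter and the in-memory comment store are assumptions made for illustration.

```javascript
// Added example: constructed handlers, not code from the original page.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical helper: read the "q" parameter from the current request URL.
function queryParam(requestUrl) {
  return new URL(requestUrl, "http://app.example").searchParams.get("q") ?? "";
}

// Reflected XSS: the script arrives in the current HTTP request.
function renderSearchVulnerable(requestUrl) {
  return `<p>Results for: ${queryParam(requestUrl)}</p>`; // copied in unencoded
}
function renderSearchSafe(requestUrl) {
  return `<p>Results for: ${escapeHtml(queryParam(requestUrl))}</p>`;
}

// Stored XSS: the script was saved earlier and now comes from the database
// (an in-memory array stands in for it here).
const commentsDb = [];
function saveComment(text) {
  commentsDb.push(text);
}
function renderCommentsVulnerable() {
  return commentsDb.map((c) => `<li>${c}</li>`).join(""); // stored data trusted
}
function renderCommentsSafe() {
  return commentsDb.map((c) => `<li>${escapeHtml(c)}</li>`).join("");
}

// DOM-based XSS has the same shape in client-side code: the equivalent fix in
// the browser is assigning to element.textContent instead of element.innerHTML.

// Constructed sample input, used for both the request and the stored comment.
const SAMPLE = "<script>alert(1)</script>";
const SAMPLE_URL = "/search?q=" + encodeURIComponent(SAMPLE);
saveComment(SAMPLE);
console.log(renderSearchVulnerable(SAMPLE_URL)); // markup reaches the page intact
console.log(renderSearchSafe(SAMPLE_URL));       // markup is shown as inert text
console.log(renderCommentsVulnerable());
console.log(renderCommentsSafe());
```

Encoding is applied when the value is written into HTML, so the stored comment stays unchanged in the database and is made inert at each point of output.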
