Cross-site Scripting Attack

Cross-site Scripting (XSS) is a client-side code injection attack in which an attacker injects a malicious payload (usually JavaScript) into a website or web application so that it executes in the client’s browser. The attack can be carried out in different ways depending on the type of XSS: the malicious script may be reflected in the victim’s browser, or stored in the database and executed every time. The attacker exploits a vulnerability in a website or web application that the victim visits, and the vulnerable website is then used to deliver the malicious script to the victim’s browser.

A Cross-site Scripting attack means sending and injecting malicious code or script into web pages, usually using JavaScript and HTML. To run malicious code in a victim’s browser, the attacker injects a payload into a web page that the victim visits; the attacker then needs to convince the victim to visit that web page for the malicious code to run. An XSS attack can occur in several forms, which may include advertisements displayed on a website and emails that contain malicious code or links; in each case the malicious script is executed on the client side.

Cross-site Scripting testing can be used to check whether a website or web application is vulnerable to XSS and other vulnerabilities. A tool such as Acunetix, or a similar tool, can be used to run an automated web vulnerability scan. The main purpose of a Cross-site Scripting attack is to steal the victim’s identity data, such as cookies, session tokens and other information.
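
The reflected and stored cases described above, and the cookie exposure, shown from the defending side. This is an added example, not code from the original article; the function names, the sample comment list and the cookie name are assumptions made for illustration.

```javascript
// Added example (not from the original article). All names are hypothetical.

// Encode the five characters that let text break out of HTML element or
// quoted-attribute context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Reflected case: a value from the request is echoed into the response.
function renderSearchUnsafe(query) {
  return `<p>Results for: ${query}</p>`;             // vulnerable: raw echo
}
function renderSearchSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`; // encoded on output
}

// Stored case: values saved earlier are rendered for every visitor.
function renderCommentsUnsafe(comments) {
  return comments.map((c) => `<li>${c}</li>`).join('');
}
function renderCommentsSafe(comments) {
  return comments.map((c) => `<li>${escapeHtml(c)}</li>`).join('');
}

// Session cookie that page scripts cannot read (HttpOnly), limiting what an
// injected script can reach if an encoding step is missed somewhere.
function sessionCookieHeader(token) {
  return `session=${encodeURIComponent(token)}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

// Constructed sample input: a harmless probe string of the kind used in testing.
const probe = '<script>alert(1)</script>';
const storedComments = ['Nice post', probe]; // constructed "database" rows

console.log(renderSearchUnsafe(probe));        // markup reaches the page as-is
console.log(renderSearchSafe(probe));          // rendered as inert text
console.log(renderCommentsUnsafe(storedComments));
console.log(renderCommentsSafe(storedComments));
console.log(sessionCookieHeader('constructed-token-123'));
```

The encoding here covers HTML element and quoted-attribute contexts only; values placed inside script blocks, URLs or CSS need encoding specific to that context.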

 

 


Olalekan Admin

Cyber Security Engineer
