Cross-Site Scripting (XSS) is an attack on web applications in which an attacker injects malicious JavaScript code into a web page, which is then executed by other users' browsers when they visit the page. The code can be injected in various places, such as URL parameters, a web form or a comments section.

When the victim then accesses the infected website, the malicious code is executed and can be used to steal personal data such as passwords or cookies, or to perform malicious actions such as redirecting to another website or altering the content of a website.

There are different types of XSS attacks, including stored XSS (the malicious code is stored on the server and executed each time the affected web page is accessed) and reflected XSS (the malicious code is embedded directly in the URL and executed each time the web page is requested).
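Both variants come down to untrusted input being written into the page as markup instead of text. The following is an added example, not code from the original page: it shows an unencoded and an HTML-encoded renderer for a URL parameter (reflected) and for saved comments (stored). All function names, the `q` parameter and the sample inputs are assumptions made for illustration.

```javascript
// Added example: HTML-encode untrusted input before placing it in a page.
// All names (escapeHtml, renderSearch*, renderComments*) are hypothetical.

// Encode the five characters that are significant in HTML text and
// in quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Reflected case: the value comes straight from a URL parameter.
function renderSearchUnsafe(url) {
  const q = new URL(url).searchParams.get('q') ?? '';
  return `<p>Results for: ${q}</p>`;             // vulnerable: q is emitted as markup
}
function renderSearchSafe(url) {
  const q = new URL(url).searchParams.get('q') ?? '';
  return `<p>Results for: ${escapeHtml(q)}</p>`; // q is emitted as text
}

// Stored case: the value was saved earlier (for example a comment) and is
// rendered for every later visitor.
function renderCommentsUnsafe(comments) {
  return comments.map((c) => `<li>${c}</li>`).join('');
}
function renderCommentsSafe(comments) {
  return comments.map((c) => `<li>${escapeHtml(c)}</li>`).join('');
}

// Constructed sample input, not taken from any real application.
const sampleUrl = 'https://shop.example/search?q=' +
  encodeURIComponent('<script>alert(1)</script>');
const sampleComments = ['Nice article!', '<img src=x onerror="alert(1)">'];

// Regression check for a test suite: does the rendered output contain a
// script tag or an inline event handler?
function containsActiveMarkup(html) {
  return /<script\b|<[^>]+\son\w+\s*=/i.test(html);
}

console.log('reflected, unsafe:', containsActiveMarkup(renderSearchUnsafe(sampleUrl)));
console.log('reflected, safe:  ', containsActiveMarkup(renderSearchSafe(sampleUrl)));
console.log('stored, unsafe:   ', containsActiveMarkup(renderCommentsUnsafe(sampleComments)));
console.log('stored, safe:     ', containsActiveMarkup(renderCommentsSafe(sampleComments)));
```

This encoding covers HTML text and quoted attribute values only; values placed inside script blocks, URLs or CSS need encoding appropriate to that context.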

Last modified: April 21, 2023

binsec GmbH
binsec GmbH is a consulting firm for information security and was founded in 2013 by security experts. Our team consists of experienced, certified specialists with different areas of expertise. Due to our extensive expertise in many different IT security fields, we can support our customers with a wide array of issues. Most of our customers are medium-sized companies, for whom security is pivotal to success.