What is "XSS"

SUMMARY:

Cross-site scripting (XSS) is a type of computer security vulnerability, commonly found in web applications, that enables attacks by allowing client-side scripts to be injected into web pages viewed by other users.

CLASSIFICATION:

  • Nonpersistent: Also called reflected, it is the most common type of XSS. These flaws appear when data provided by a web client, most commonly in HTTP query parameters or HTML form submissions, is immediately used by server-side scripts to parse and display a results page for that user, without properly sanitizing the input.

  • Persistent: Also called stored, it is a more devastating variant of an XSS flaw that occurs when the data provided by the attacker is saved by the server and then displayed on "normal" pages returned to other users in the course of normal browsing, without proper HTML escaping.
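
Both classes fail at the same step: the server writes client-supplied text into HTML without escaping it. The sketch below is an added example, not part of the original page; the function names, the in-memory `comments` store and the sample input are all constructed for illustration.

```python
import html

# Constructed input: markup submitted where plain text was expected.
SAMPLE = "<script>/* constructed marker */</script>"

comments = []  # hypothetical in-memory store standing in for a database


def search_page_unsafe(query):
    # Nonpersistent (reflected): the query parameter is echoed straight
    # back into the results page for the same request.
    return "<p>Results for: " + query + "</p>"


def search_page_safe(query):
    # html.escape converts &, <, > and quotes to entities, so the browser
    # renders the value as text instead of parsing it as markup.
    return "<p>Results for: " + html.escape(query, quote=True) + "</p>"


def save_comment(text):
    # Persistent (stored): the server keeps the value exactly as received.
    comments.append(text)


def comments_page_unsafe():
    # Every later visitor receives the stored value as live markup.
    items = "".join("<li>" + c + "</li>" for c in comments)
    return "<ul>" + items + "</ul>"


def comments_page_safe():
    # Escape at output time, so stored data is neutralised for all viewers
    # no matter how or when it entered the store.
    items = "".join("<li>" + html.escape(c, quote=True) + "</li>" for c in comments)
    return "<ul>" + items + "</ul>"


def contains_live_script(page):
    # Simple check used for this demo: did a raw <script> tag survive?
    return "<script>" in page.lower()


if __name__ == "__main__":
    save_comment(SAMPLE)
    for name, page in [("reflected/unsafe", search_page_unsafe(SAMPLE)),
                       ("reflected/safe", search_page_safe(SAMPLE)),
                       ("stored/unsafe", comments_page_unsafe()),
                       ("stored/safe", comments_page_safe())]:
        print(name, contains_live_script(page), page)
```

The escaping shown here covers values placed in HTML element content; values placed inside attributes, URLs or inline scripts need encoding specific to that context.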

For more information, visit: Cross-site scripting.