The Cross Site Scripting FAQ
Websites today are more complex than ever, containing a lot of dynamic content that makes the experience more enjoyable for the user. Dynamic content is achieved through web applications, which can deliver different output to a user depending on their settings and needs. Dynamic websites face a threat that static websites don't, called "Cross Site Scripting" (or XSS, as other security professionals have dubbed it). Currently, small informational tidbits about Cross Site Scripting holes exist, but none really explain them to an average person or administrator. This FAQ was written to provide a better understanding of this emerging threat, and to give guidance on detection and prevention.
- Vulnerability: NOCC Cross Site Scripting Vulnerability (15 May 2002)
- Vulnerability: CitiBank's C2IT.com Cross Site Scripting Bugs (8 January 2002)
- Vulnerability: Mail.com Cross Site Scripting Vulnerability (4 January 2002)
- Vulnerability: ICQ Portal Cross Site Scripting vulnerability (21 September 2001)
- Vulnerability: Yahoo France site vulnerable to Cross Site Scripting (14 September 2001)