4

Why do so many people use different definitions (attack or vulnerability) for XSS? I think that XSS is an attack that exploits an insufficient-filtering vulnerability. Am I right?

The answer to this question should unambiguously explain what the correct definition of XSS is, with additional commentary on why people use different definitions.

Nikolai Golub

3 Answers

7

XSS is both a vulnerability and an attack.

If we were being very strict about terminology, we would say "my website has an XSS vulnerability" and "we logged an XSS attack at 08:43". Often for shorthand people just say "XSS" and leave you to imply from the context whether they mean a vulnerability or an attack.

I would say that "insufficient filtering" is not a vulnerability itself, it is a category of vulnerabilities, including: SQL injection, XPath injection, path traversal, etc. In fact, I would usually call this category "injection". An XSS vulnerability is an example of an injection vulnerability.

paj28
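To make the vulnerability/attack distinction above concrete, here is an added example in Python (not part of the answer and not from any project): the vulnerability is a renderer that concatenates untrusted input into HTML unencoded, an attack is a request whose input exercises that, and the hardened renderer HTML-encodes the input so the same request is harmless. The sample inputs and the `marker()` name inside them are constructed for the demo.

```python
import html

# Constructed sample inputs (not from the page): an ordinary name and a value
# carrying markup, which is what an injection attempt looks like to the server.
SAMPLE_INPUTS = [
    "Alice",
    '<b>Bob</b><script>marker()</script>',  # marker() is a made-up, harmless name
]


def render_greeting_vulnerable(name: str) -> str:
    """The vulnerability: untrusted input is placed into HTML as-is.

    Nothing bad happens for "Alice"; the defect exists regardless of whether
    anyone ever sends markup, which is why it is a vulnerability, not an attack.
    """
    return f"<p>Hello, {name}!</p>"


def render_greeting_safe(name: str) -> str:
    """The fix: HTML-encode untrusted input before it lands in an HTML text node.

    html.escape turns < > & " ' into entities, so the browser renders the input
    as text instead of parsing it as markup.
    """
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def contains_raw_markup(rendered: str, untrusted: str) -> bool:
    """Output check: does untrusted input containing '<' appear in the rendered
    page with its angle brackets intact? True means the injection got through."""
    return "<" in untrusted and untrusted in rendered


def demo() -> list:
    """Run both renderers over the sample inputs and report whether each
    (renderer, input) pair lets raw markup through."""
    results = []
    for renderer in (render_greeting_vulnerable, render_greeting_safe):
        for value in SAMPLE_INPUTS:
            page = renderer(value)
            results.append((renderer.__name__, value, contains_raw_markup(page, value)))
    return results


if __name__ == "__main__":
    for name, value, leaked in demo():
        print(f"{name:28s} input={value!r:45s} markup_injected={leaked}")
```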
3

As the definition says

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. Source: http://en.wikipedia.org/wiki/Cross-site_scripting

XSS is a vulnerability, because an XSS-vulnerable site gives the attacker the opportunity to attack it using script injection. However, it's also considered an attack vector, which is probably why people mix it up with an attack.

In short

XSS - vulnerability or an attack vector

script injection - attack technique

Regarding terminology, the difference/relation between attack and vulnerability is in short that the attack is an exploitation of a vulnerability. Therefore it is an action done in order to harm the target, after discovering the vulnerability.

Dropout
  • Don't beat me for quoting Wiki, please ;) – Dropout Oct 16 '14 at 08:42
  • I have seen a slightly different (and probably somehow better) definition of attack: Attack is an attempt (successful or not) to breach a system (maybe through a vulnerability, possibly through a phishing). So, you may even perform an XSS attack on a site that is not vulnerable, although the attack will not be successful :) – v6ak Aug 10 '15 at 18:42
1

XSS stands for Cross Site Scripting. So think about it, what is scripting? That's the noun form of the verb for the attack. You don't Cross-Site-Script (verb) unless you're attacking. It's not something you do to make a site vulnerable, it's something you do to compromise. Though as the marked-correct answer indicates, to be clear we should indicate which form we mean, because frankly, my argument is nothing more than pedantic linguistics. (So is the question really!) ;-)

Iain Duncan