Questions tagged [xss]

Cross-Site Scripting (XSS) is an injection attack. It is called XSS to avoid misunderstanding with CSS (Cascading Style Sheets). XSS is in OWASP top 10 list since 2004. There are three common XSS types: Stored, Reflected and DOM based. Here is the explanation for two common types of XSS:

1. Stored (persistent): Everywhere in a web application that stores data from user and retrieves later could be vulnerable to this type. For example, malicious script is commented by attacker for a post in a blog, script is stored as a comment in database and then is retrieved and executed automatically on targeted user's browser when the post is visited.
2. Reflected (non-persistent): In this type, malicious code is put in URL as a parameter and then URL is sent to the targeted user. When the URL is opened, malicious code will be executed automatically by the browser.

XSS attacks are prevented by user input validation and sanitization. Everywhere an input is taken must be validated and sanitized to avoid malicious script injection. Validation methods are based on whitelisting and blacklisting.

XSS attacks are common on the web and should be prevented. XSS vulnerability could be leveraged by attacker to hijack session and even trigger DOS attack. There is a good detailed explanation about XSS attacks in The Web Application Hacker's Handbook (Chapter 12).

There are some useful best practices in OWASP for XSS prevention:

1. Cross Site Scripting Prevention Cheat Sheet
2. DOM based XSS Prevention Cheat Sheet

Vulnerability scanners could be used to detect XSS in web applications, here are some useful links for such tools:

1. Acunetix
2. Tenable
3. Rapid7
4. NetSparker