Cross Site Scripting (XSS) Attacks

By: Pooja

In this article, we are going to briefly describe the fundamental concepts of the cross-site scripting (XSS) attack.

Definition of XSS attack  

XSS comes under the category of code injection attacks. It is one of the most severe security vulnerabilities that exist in the web applications. It is ranked among the top 10 web application vulnerabilities by the OWASP. In this attack, the attacker injects judiciously crafted malicious scripts into the vulnerable web application. The origin of the XSS attack is the inappropriate filtering of the data being entered by any user, due to which an attacker easily introduces malicious code into the Web pages. These malicious scripts run on the client-side in the user’s Web browser. It enables an attacker to evade Same-Origin-Policy (SOP) that helps in separating the content of different web application.

XSS attack does not cause any harm to the web application, rather it targets the end-users of the web application. Once it is successfully executed, the attacker can gain access to sensitive information like cookie information, session token, etc. It may be triggered as an initial step to launch other cyber-attacks like phishing and to infect the benign user device with malware so that the infected device becomes a part of the botnet army. These bots then will be exploited to launch Distributed Denial of Service (DDoS) attacks on a massive scale. 

This attack usually exploits vulnerabilities in the web application that are built with a range of programming languages comprising PHP, Java,, etc. Among all, PHP is a highly used language. An attacker can craft malicious code using a variety of programming languages consisting of JavaScript, VBScript, ActiveX, Flash. Most browsers use JavaScript to support dynamic web pages, therefore, attackers frequently exploit the JavaScript language to craft malicious attack vectors for XSS attacks. This drives XSS attacks as one of the most recurrently occurring and venomous attacks.

Consequences of XSS attack

XSS attacks can cause destructive consequences. Some of the most common and severe effects are described below:

  • Cookie stealing: It is possible for an attacker to steal the cookie sent by the server containing session ID and take control of the user account and may perform malicious activities such as sending spam messages to fuser’s friends etc.
  • Account hijacking: Attackers can steal sensitive information like financial account credentials or bank account login details for the use of their benefits. If account is hijacked, the attacker has access to the OSN server and database system and thus has complete control over the OSN Web application.
  • Misinformation: This is a threat of credentialed misinformation. It may include malwares which may track the user like traffic statistics, leading to loss of privacy. Moreover, these may also alter the content of the page, leading to loss of integrity.
  • Denial-of-Service Attack: Data availability is utmost important functionality provided by any enterprise. But the XSS attack can be used to redirect the user to some other fake web page so that he/she cannot access the legitimate website, whenever the user makes a request to that web page. Thus, the attacker successfully launches the DDoS attack. Malicious scripts may also crash the user browser by indefinitely blocking the service of the Web application through pop-ups.
  • Browser exploitation: Malicious scripts may redirect the user browser to attacker’s site so that attacker can take full control of user’s computer and use it to install malicious programs like viruses, Trojan horses etc. and may get access to user’s sensitive information.
  • Remote Control on System: Once the XSS attack vector is executed on the victim’s machine, it will open a way for the attacker to inject different malwares that help to gain remote access to the victim’s system. Thereafter, the system may perform malicious activity on the Internet or become part of the network to launch different attacks such as the botnet army.
  • Phishing: When the user clicks on the malicious link sent by the attacker, then it may redirect the user to the fake web site designed by the attacker to gain access to sensitive information such as the user’s login credentials.

See more about XSS attack

XSS Attack Related Security Vulnerabilities

2140cookie-checkCross Site Scripting (XSS) Attacks
Share this:

13 thoughts on “Cross Site Scripting (XSS) Attacks

  1. I have read some excellent stuff here. Certainly value bookmarking for revisiting. I surprise how a lot effort you set to make such a great informative web site.

  2. I just couldn’t go away your website before suggesting that I really enjoyed the usual information a person provide to your visitors? Is gonna be back often in order to inspect new posts

  3. Definitely, what a fantastic website and illuminating posts, I definitely will bookmark your website.All the Best!

  4. Hey there, You have performed a great job. I will definitely digg it and individually suggest to my friends. I’m confident they will be benefited from this web site.

  5. Thanks for one’s marvelous posting! I truly enjoyed reading it, you might be a great author.I will be sure to bookmark your blog and will often come back at some point. I want to encourage one to continue your great writing, have a nice weekend!

  6. Wow, amazing blog layout! How long have you been blogging for? you make blogging look easy. The overall look of your web site is fantastic, let alone the content!

  7. You made various fine points there. I did a search on the topic and found most persons will consent with your blog.

  8. Outstanding post however I was wanting to know if you could write a litte more on this topic?
    I’d be very thankful if you could elaborate a little bit more.


Leave a Reply

Your email address will not be published.