Definition
XSS (cross-site scripting) is an attack that exploits a website’s weaknesses to inject malicious scripts into otherwise trusted pages. Because browsers cannot tell legitimate site code from injected code, visitors’ browsers execute such scripts, which can expose account credentials or infect their devices.
Real XSS Examples
- 2018: Attackers altered the British Airways site, sending customer information to a fake server and skimming credit card information from 380,000 transactions.
- 2015: Cybercriminals exploited an eBay weakness to steal payment information, manipulate listings, and obtain complete access to seller accounts.
Safeguarding Against XSS Attacks
- Examine the URL for any abnormalities, such as script fragments or encoded markup in its parameters.
- View the web page’s source in your browser and check it for harmful scripts.
- Employ a safe and updated browser.
- Use tools that filter out known compromised sites.
What are the Types of XSS Attacks?
Here are the three key types of XSS attacks:
- Reflected XSS: Where the dangerous script originates from the current HTTP request and is echoed back in the response.
- Stored XSS: Where the harmful script originates from the website’s own database, having been saved there earlier.
- DOM-based XSS: Where the weakness lies in client-side code rather than server-side code.
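The difference between an injectable and a hardened rendering path, shown as an added JavaScript example that is not part of the original page; the function names and the sample input are constructed for illustration:

```javascript
// Added example (not from the original page): the same untrusted value
// rendered two ways, to show why output escaping is the core XSS defence.

// Escape the five characters that let text break out of an HTML text or
// attribute context. '&' is handled first so later replacements are not
// double-escaped.
function escapeHtml(input) {
  return String(input)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

// Vulnerable pattern (reflected or DOM-based): a request value is concatenated
// straight into markup, so any tags in the value become live HTML.
function renderGreetingUnsafe(name) {
  return '<p>Hello, ' + name + '!</p>';
}

// Hardened pattern: the value is escaped for its output context first, so the
// browser displays it as text instead of parsing it as markup.
function renderGreetingSafe(name) {
  return '<p>Hello, ' + escapeHtml(name) + '!</p>';
}

// Simple check a reviewer or test can run on rendered output: does any raw
// <script> tag survive in the markup?
function containsRawScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input, the classic harmless probe string.
const sampleInput = '<script>alert(1)</script>';
console.log(renderGreetingUnsafe(sampleInput)); // tag reaches the page intact
console.log(renderGreetingSafe(sampleInput));   // tag arrives as &lt;script&gt;...
```

In a browser the DOM-based equivalent of the hardened path is to assign untrusted values with `textContent` rather than `innerHTML`.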