A security vulnerability in a web application that results from improper filtering of input used to generate some sort of web page (in a form, for example). If the input contains a script which is not stripped out by the web application, it could be processed as part of the output and execute within the domain of the hosting web site. A hostile third-party could 'inject' a malicious script which would run in the user's browser under the security context of the trusted web site. This is frequently exploited to gain access to a user's cookies.
(Acronym – XSS) An attack technique that forces a web site to echo client-supplied data, which then executes in a user's web browser. When a user is Cross-Site Scripted, the attacker will have access to all web browser content (cookies, history, application version, etc.). See also "Client-Side Scripting".
The execution of script from one site in the context of a Web page from another site. This was not considered to be a problem in the basic design of the Web, but XSS has often come to be used for security attacks.
An attack performed through Web browsers, taking advantage of poorly-written Web applications. Cross-site scripting attacks can take many forms. One common form is for an attacker to trick a user into clicking on a specially-crafted, malicious hyperlink. The link appears to lead to an innocent site, but the site is actually the attacker's, and includes embedded scripts. What the script does is up to the attacker; commonly, it collects data the victim might enter, such as a credit card number or password. The malicious link itself might also collect the victim's cookie data. For more details and examples, see the LiveSecurity article, "Anatomy of a Cross-Site Scripting Attack."
A class of problems resulting from insufficient input validation, where one user can add content to a web site that is malicious when viewed by other users of the web site. For example, one might post to a message board that accepts arbitrary HTML and include a malicious code item.
A Web application is vulnerable to XSS if an attacker can inject code that will be executed on the user's machine without the user's knowledge. This could be done by creating a link that directs the user to the site but includes malicious JavaScript statements in the URL. If the site is vulnerable, these statements are returned to the user and executed within their browser.
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that allows code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy.
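The definitions above all turn on one mechanism: untrusted input is copied into a web page without being filtered or encoded for the context it lands in. The following Python snippet is an added illustration, not code from any of the sources quoted here. It shows a rendering function that concatenates input straight into HTML, the same function hardened with context-appropriate escaping (HTML body and quoted attribute), and a small check a test suite can use to flag output that reflects untrusted markup verbatim. The sample input string and all function names are constructed for this example.

```python
import html

# Constructed sample input: a user-supplied display name that carries markup.
# Any value containing '<', '>' or '"' would do; this one is for the test below.
SAMPLE_NAME = "<script>alert(1)</script>"
SAMPLE_ATTR = '" onmouseover="x'


def render_vulnerable(name: str) -> str:
    """Vulnerable pattern: input is interpolated into HTML with no encoding.

    Whatever the caller passes is emitted as live markup, so a browser will
    parse and execute any script element it contains."""
    return f"<p>Hello, {name}!</p>"


def render_hardened(name: str) -> str:
    """Hardened pattern for HTML body context: encode <, >, &, and quotes.

    html.escape(quote=True) turns the characters that open tags or attributes
    into entities, so the browser renders the input as text, not as markup."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def render_attr_hardened(name: str) -> str:
    """Hardened pattern for a quoted attribute context.

    The attribute value must be quoted AND its quote characters escaped;
    escaping alone is not enough if the value were left unquoted."""
    return f'<input type="text" value="{html.escape(name, quote=True)}">'


def reflects_unescaped(rendered: str, untrusted: str) -> bool:
    """Cheap regression check for tests: True if an untrusted value that
    contains markup-significant characters appears verbatim in the output.

    This does not prove the output is safe; it only catches the obvious
    failure where no encoding was applied at all."""
    if not any(ch in untrusted for ch in '<>"&'):
        return False
    return untrusted in rendered


if __name__ == "__main__":
    print("vulnerable :", render_vulnerable(SAMPLE_NAME))
    print("hardened   :", render_hardened(SAMPLE_NAME))
    print("attribute  :", render_attr_hardened(SAMPLE_ATTR))
    print("reflects?  :", reflects_unescaped(render_vulnerable(SAMPLE_NAME), SAMPLE_NAME))
```

Output encoding is applied at the point where the value is written into the page, not when it is received, because the correct encoding depends on where the value lands (HTML body, attribute, URL, JavaScript). Template engines that auto-escape by default implement the same idea; the `reflects_unescaped` check is the kind of assertion to keep in a test suite so that a future change which bypasses the escaping is caught before it ships.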