Cross site scripting (XSS)

Top Deliverability > Cross site scripting (XSS)

Cross site scripting (XSS)

April 27, 2021
Posted by: Nicola Selenu

No Comments

« Back to Glossary Index

When a user injects malicious script into an otherwise trusted website. The malicious script will then run on the victim’s web browser, often in an attempt to steal user information such as credentials, session cookies and other sensitive data. Anywhere that allows user input can be vulnerable to an XSS attack. To avoid these attacks a web developer must ensure that user input is validated and encoded before it outputs this as a request. Despite being discovered in the 1990s cross-site scripting has consistently remained as one of OWASPs top 10 web application security risks.

Synonyms:

Cross site scripting, XSS

Related Articles:

Glossary: Cross site scripting (XSS)

« Back to Glossary Index

Related Terms:

Author:Nicola Selenu

<img alt='' src='//www.gravatar.com/avatar/939fc9ca6f4fb30cf3a8ebaf1d449059?s=174&r=g&d=mm' srcset='//www.gravatar.com/avatar/939fc9ca6f4fb30cf3a8ebaf1d449059?s=174&r=g&d=mm 2x' class='avatar avatar-174 photo' height='174' width='174' decoding='async'/>

Nicola Selenu is a recognized leader in the Email Industry (with 15 years of professional experience as an Email Marketing and Deliverability Consultant) and an active member of the Anti-Abuse community. Some (of the many) brands that proudly served during his career in Email are: Adobe, Nestlé, Expedia, Gucci, Bulgari, Luxottica, UNHCR, Amnesty International, LastMinute, Acer, Groupon.

Cross site scripting (XSS)

Top Deliverability > Cross site scripting (XSS)

Cross site scripting (XSS)

April 27, 2021
Posted by: Nicola Selenu

No Comments

« Back to Glossary Index

When a user injects malicious script into an otherwise trusted website. The malicious script will then run on the victim’s web browser, often in an attempt to steal user information such as credentials, session cookies and other sensitive data. Anywhere that allows user input can be vulnerable to an XSS attack. To avoid these attacks a web developer must ensure that user input is validated and encoded before it outputs this as a request. Despite being discovered in the 1990s cross-site scripting has consistently remained as one of OWASPs top 10 web application security risks.

« Back to Glossary Index

Related Terms:

Author:Nicola Selenu

<img alt='' src='//www.gravatar.com/avatar/939fc9ca6f4fb30cf3a8ebaf1d449059?s=174&r=g&d=mm' srcset='//www.gravatar.com/avatar/939fc9ca6f4fb30cf3a8ebaf1d449059?s=174&r=g&d=mm 2x' class='avatar avatar-174 photo' height='174' width='174' decoding='async'/>

Nicola Selenu is a recognized leader in the Email Industry (with 15 years of professional experience as an Email Marketing and Deliverability Consultant) and an active member of the Anti-Abuse community. Some (of the many) brands that proudly served during his career in Email are: Adobe, Nestlé, Expedia, Gucci, Bulgari, Luxottica, UNHCR, Amnesty International, LastMinute, Acer, Groupon.

This website uses cookies and asks your personal data to enhance your browsing experience.

Ok, I agree Privacy Policy