What is Cross-Site Scripting (XSS)?


XSS refers to a group of attack methods that mainly involve bypassing client-side security and injecting malicious code into webpages to gain heightened privileges and information (such as session data) from users who access the compromised website. This might be achieved by redirecting the users to a fake site that looks identical to the original, which in turn captures the cookie and session data of the user.

I only need to know one thing: where they are

Anytime, anywhere, man! Malicious scripts can be injected in a number of ways. These include such tags as:

If you're dynamically updating the content of a page, and one or more of these tags are added to an unsanitised input form, your page has been compromised. This puts your users and your credibility at risk.
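To make the point above concrete, here is an added example (not code from the original page) that puts an unsanitised render function beside one that encodes every dynamic value at the point of output. The function names and the sample form submission are hypothetical and constructed for illustration.

```javascript
// Added example: all names and sample data below are hypothetical/constructed.

// The five characters that can change HTML structure in element bodies
// and in quoted attribute values.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Replace each structural character with its entity so the browser
// treats the value as text, never as markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": form input is concatenated straight into the page markup.
function renderCommentUnsafe(author, text) {
  return `<li title="${author}">${text}</li>`;
}

// "After": every dynamic value is encoded where it is written out.
function renderCommentSafe(author, text) {
  return `<li title="${escapeHtml(author)}">${escapeHtml(text)}</li>`;
}

// Constructed form submission: the author field contains quotes and the
// comment body contains a tag.
const sample = {
  author: 'Ann "The Tester" O\'Neil',
  text: "Nice post <script>alert(1)</script> & thanks",
};

// Render the same submission both ways so the outputs can be compared.
function demo() {
  return {
    unsafe: renderCommentUnsafe(sample.author, sample.text),
    safe: renderCommentSafe(sample.author, sample.text),
  };
}

console.log(demo());
```

In a browser, assigning the value to an element's textContent instead of innerHTML gives the same protection for element bodies without a hand-written encoder.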