Cross Site Scripting
The second most commonly exploited web vulnerability is Cross Site Scripting (SQL Injection being the first). Cross Site Scripting, also known as XSS, is an injection-type web application vulnerability. It occurs mainly when a web application allows user-supplied data to be displayed and rendered on a webpage without proper escaping or encoding.
Unlike SQL Injection, this vulnerability affects the user instead of the web application. In this chapter, we will understand what Scripting is, and then move on to Cross Site Scripting Attacks.
However, in some cases, it may pose a security risk too, where malicious scripts are embedded on behalf of a legitimate website to compromise the user’s security.
<h1>Test Web Page</h1>
<button type="button" onclick="hello()">Hello</button>
When the web browser runs this webpage, it looks like this.
Just as in this example, in Cross Site Scripting attacks a script is used to perform malicious actions on behalf of the user. In addition, most of the spam you see on famous social networking websites these days is an example of XSS.
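The condition named at the top of this page, user-supplied data rendered "without proper escaping or encoding", shown as an added example that is not code from the original page: a hypothetical comment renderer in its vulnerable form beside its output-encoded form, run over constructed inputs. The function names, the markup template and the sample values are all assumptions made for illustration.

```javascript
// Added example: names and sample inputs are hypothetical, constructed here.

// The five characters that let text break out of HTML element content
// or out of a quoted attribute value.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Single pass, so an "&" produced by the encoding is never encoded twice.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable: user-supplied data is concatenated into the markup as-is,
// so the browser parses it as HTML instead of displaying it as text.
function renderCommentUnsafe(author, comment) {
  return `<div class="comment" title="${author}"><p>${comment}</p></div>`;
}

// Hardened: every user-supplied value is encoded at the point of output.
function renderCommentSafe(author, comment) {
  return `<div class="comment" title="${escapeHtml(author)}">` +
         `<p>${escapeHtml(comment)}</p></div>`;
}

// Constructed sample inputs: plain text, markup, and legitimate text
// that happens to contain special characters.
const SAMPLES = [
  { author: "alice", comment: "Nice article!" },
  { author: "bob", comment: "<script>hello()</script>" },
  { author: `Dan "D" O'Neil`, comment: "5 < 6 && 7 > 6" },
];

// Render every sample both ways so the outputs can be compared side by side.
function renderAll() {
  return SAMPLES.map(({ author, comment }) => ({
    unsafe: renderCommentUnsafe(author, comment),
    safe: renderCommentSafe(author, comment),
  }));
}

for (const { unsafe, safe } of renderAll()) {
  console.log("unsafe:", unsafe);
  console.log("safe:  ", safe);
}
```

In the unsafe output the second sample arrives as a live script element and the third sample's quotes cut the title attribute short; in the safe output both are displayed as the text the user typed.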