sinu
Thread author
XSS stands for Cross-Site Scripting and is a Web-based security vulnerability that's been around since the birth of modern Web development techniques.
XSS attacks account for 12.75% of all of today's Web-based attacks, and almost 70% of all reported vulnerabilities are XSS-related. Almost 90% of all websites have at least one XSS vulnerability.
Besides DDoS attacks and SQL injections, XSS attacks are the third most encountered form of Web attacks.
In the past, big-name websites like Twitter, Facebook, YouTube, Yahoo, MySpace, or PayPal have all been victims of such attacks.
XSS attacks can be of two kinds: reflected and stored.
A Reflected XSS attack occurs when hackers craft malicious URLs which Web servers execute via a single request and response loop. They are the most common and have a short lifespan, affecting one user at a time. They are also called first-order XSS, type 1 XSS, or non-persistent XSS.
A Stored XSS attack is the worse of the two, and it involves the attacker crafting a malicious script, which then gets stored on the Web server. This type of XSS attack has a broader target, since once saved on the server in the form of a comment or database entry, it can then be displayed to all the users accessing that page without having to make them access a maliciously crafted URL. This type of attack is also called second-order XSS, type 2 XSS, or persistent XSS.
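Added example, not part of the original post: the reflected and stored cases described above, each shown as an unencoded render next to one that HTML-encodes the untrusted value on output. The function names, the `example.test` URL and the sample comments are constructed for illustration.

```javascript
// Encode the five characters that let text break out of HTML element
// content or a quoted attribute value.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Reflected case: a value taken from the request URL is echoed straight
// back in the response to that same request.
function renderSearchVulnerable(requestUrl) {
  const q = new URL(requestUrl).searchParams.get("q") ?? "";
  return `<p>Results for: ${q}</p>`; // raw markup reaches the browser
}

function renderSearchSafe(requestUrl) {
  const q = new URL(requestUrl).searchParams.get("q") ?? "";
  return `<p>Results for: ${escapeHtml(q)}</p>`; // rendered as inert text
}

// Stored case: a comment saved once is rendered for every later visitor,
// so encoding has to happen each time the stored value is written out.
function renderCommentsVulnerable(comments) {
  const items = comments.map((c) => `<li><b>${c.author}</b>: ${c.body}</li>`);
  return `<ul>${items.join("")}</ul>`;
}

function renderCommentsSafe(comments) {
  const items = comments.map(
    (c) => `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.body)}</li>`
  );
  return `<ul>${items.join("")}</ul>`;
}

// Constructed sample input: a harmless probe string used to test encoding.
const PROBE = "<script>alert(1)</script>";
const SAMPLE_URL = "https://example.test/search?q=" + encodeURIComponent(PROBE);
const SAMPLE_COMMENTS = [
  { author: "alice", body: "Nice post" },
  { author: "mallory", body: PROBE },
];

console.log(renderSearchVulnerable(SAMPLE_URL));
console.log(renderSearchSafe(SAMPLE_URL));
console.log(renderCommentsVulnerable(SAMPLE_COMMENTS));
console.log(renderCommentsSafe(SAMPLE_COMMENTS));
```

The encoder covers HTML element content and quoted attribute values only; values placed inside script blocks, URLs or CSS need encoding specific to that context.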