
Cross-site scripting facts for kids


Cross-site scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in the victim's web browser by including malicious code in a web page that the victim loads.

How it works

In a Cross-site Scripting attack (XSS), the attacker uses your vulnerable web page to deliver malicious JavaScript to your user. The user's browser executes this malicious JavaScript on the user's computer. Note that about one in three websites is vulnerable to Cross-site scripting.

Even though a Cross-site Scripting attack happens in the user's browser, it may affect your website or web application. For example, an attacker may use it to steal user credentials and log in to your website as that user. If that user is an administrator, the attacker gains control over your website.

How to protect against it

To protect against Cross-site Scripting, you must scan your website or web application regularly, or at least after every change in the code. Then, your developers must correct the code to eliminate the vulnerability. Contrary to popular opinion, web application firewalls do not protect against Cross-site Scripting; they only make the attack more difficult, and the vulnerability is still there.
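What "correcting the code" can look like, shown as an added example that is not part of the original article: a page that pastes a visitor-supplied name straight into its HTML, next to a version that encodes the name first. The function names and the sample inputs are made up for this illustration.

```javascript
// Added illustration. All names here (escapeHtml, renderGreetingUnsafe,
// renderGreetingSafe, containsScriptTag) are hypothetical.

// Characters that have a special meaning in HTML, and the entity for each.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode untrusted text so the browser shows it as text instead of
// parsing it as markup. One pass, so "&" is never encoded twice.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable: the name goes into the page exactly as the visitor typed it,
// so any tags in it become part of the page.
function renderGreetingUnsafe(name) {
  return `<p>Hello, ${name}!</p>`;
}

// Corrected: the name is encoded before it is placed in the page.
function renderGreetingSafe(name) {
  return `<p>Hello, ${escapeHtml(name)}!</p>`;
}

// Simple check a test suite could run on rendered output.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample inputs: an ordinary name and a harmless test string.
const SAMPLE_NAMES = ["Alice", '<script>alert("test")</script>'];

for (const name of SAMPLE_NAMES) {
  console.log("unsafe:", renderGreetingUnsafe(name));
  console.log("safe:  ", renderGreetingSafe(name));
  console.log("script tag in safe output?",
    containsScriptTag(renderGreetingSafe(name)));
}
```

This encoding is for text placed inside HTML elements or quoted attribute values; text placed in other spots, such as inside a script block or a URL, needs encoding made for that spot.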
