Читать книгу Cybersecurity For Dummies - Joseph Steinberg - Страница 86

Cross-site scripting (XSS) is a specific type of injection attack in which an attacker adds malicious code into a legitimate web site so that when a user visits the relevant website (via a web browser or app), the malicious code is delivered to the user’s device and is executed there. The attacker is able to insert the malicious code into the legitimate server because the server allows users to submit material that will then be displayed to other users.

Online user forums and social media platforms are prime candidates for cross-site scripting attacks if they are not properly secured against such attacks. So are websites that allow users to comment on information such as a news article. For example, an XSS attack may occur if a hacker submits malicious code within a comment in such a fashion that when a subsequent user’s browser tries to display the comment, it will end up executing the code.