Cross-site scripting (XSS) is a weakness facilitated by the lack of input validation on a Web form, a URL, or any...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
The lack of input validation turns into a method for gleaning sensitive information such as login credentials, browser cookies, and more via specially crafted URLs sent in email links, posted on message boards, etc. You can think of XSS as an open spam relay on your email server. A direct exploit may or may not exist (depending on the context) but it still creates liability issues that your business probably doesn't want to take on.
Here are some other useful on how to handle XSS issues:
- Finding cross-site scripting (XSS) application flaws checklist
Cross-site scripting (XSS) is a major concern, it can be unpredictable and requires multiple tools to test it. Expert Kevin Beaver sheds light on XSS issues and recommends tools.
- Website security improved, but more can be done
A study of website security finds that although efforts are being made to prevent well-known attacks such as XSS and SQL injection, threats of newer attacks are rising.
- Proactively stamp out XSS cross scripting errors
Web-based application development expert Dan Cornell explains how to proactively reduce cross site scripting and SQL injection vulnerabilities
Related Q&A from Kevin Beaver
When replacing an email security gateway, should a Web security gateway be used or another email gateway? Expert Kevin Beaver explains.continue reading
Expert Kevin Beaver explains how organizations should address end-of-software development dates, and what they ultimately mean to enterprise security.continue reading
Are read-only domain controllers a more secure option for setting up domain services in a DMZ than using a separate domain? Expert Kevin Beaver ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.