What is the definition of the term "Cross-Site Scripting"? What is the potential impact to servers and clients?

Question

What do you see as the most critical and current threats effecting Internet accessible websites?

Answer 1

Defining cross-site scripting

JavaScript is a powerful tool for developing rich Web applications. Without client-side execution of code embedded in HTML and XHTML pages, the dynamic nature of Web applications like Google Maps, Try Ruby! and Zoho Office would not be possible. Unfortunately, any time you add complexity to a system, you increase the potential for security issues -- and adding JavaScript to a Web page is no exception.

For More informationhttp://www.techrepublic.com/blog/it-security/what-is-cross-site-scripting/

Answer 2

(Acronym XSS) An attack technique that forces a web site to echo client-supplied data, which execute in a users web browser. When a user is Cross-Site Scripted, the attacker will have access to all web browser content (cookies, history, application version, etc). XSS attacks do not typically directly target the web server or application, but are rather aimed at the client. The web server is merely used as a conduit for the XSS data to be presented to the end client. See also "Client-Side Scripting".