Earlier this month, security researcher David Leo disclosed a new vulnerability found in Microsoft Internet Explorer. The vulnerability was initially reported in October but was not addressed by Microsoft. According to reports, the severe security flaw allowed the same origin policy of the browser to be violated, which could let attackers steal user credentials or deploy phishing attacks via different websites. The vulnerability is known as a universal cross-site scripting (XSS) flaw.
What is Cross-site Scripting?
Cross-site Scripting (XSS) is an attack found in websites and/or web applications that accept user input. Examples of these include search engines, message boards, login forms, and comment boxes. Web forms like those that return an error message, for example, make it possible for attackers to exploit this vulnerability by adding malicious code to these functions. This allows the malicious code into the targeted website’s content, making it a part of that website, and thus affecting users who visit or view the site.
Websites that are compromised through XSS can cause a number of threats to a user’s system. The impact may vary from a display of inappropriate content to allowing malware downloads without the user’s knowledge. Additionally, because attackers can turn trusted websites into malicious ones, this can cause damage to the reputation of the website owner. While XSS problems cannot be directly addressed by users, there are several ways to prevent being a victim. Here are suitable tips for web developers, IT admins, and users on how to avoid an XSS attack:
For Website developers
For IT Admins
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.