• Web Security
• Security Threats
• Prevent SQL Injection
• Prevent Cross Site Scripting (XSS)
• Payment Card Industry (PCI) Compliance
• FAQ

• G.1440
• Web Security
• Prevent Cross Site Scripting (XSS)

Prevent Cross Site Scripting (XSS)

Cross-site scripting (XSS) is a type of web security vulnerability typically found in web sites and applications. Cross-site scripting is a result of code injection by malicious web users into the web pages viewed by other users. This can include HTML code and client-side scripts. An exploited cross-site scripting (XSS) vulnerability can be used by attackers to bypass access controls such as the same origin policy.

Dangers of Cross-Site Scripting

Cross-site scripting vulnerabilities have been exploited to craft powerful phishing attacks and browser exploits. According to Symantec, as of 2007, cross-site scripting carried out on websites made up roughly 80% of all documented security vulnerabilities. 

Cross-site scripting can hurt your image and customer reputation.  Infected sites can often be identified by Google - resulting in a listing marked as dangerous:

Prevent Cross-Site Scripting

Preventing XSS is a challenge, as cross-site scripting attacks change and evolve constantly - code that was built securely will often be vulnerable to new attacks if not updated.

Protect your web site & applications. Prevent Cross-site scripting . G.1440's Web Vulnerability Scan uses the latest technology to scan your site & applications to identify XSS threats and hundreds of other vulnerabilities before they're exploited.