Cross-Site Scripting

A cross-site scripting (XSS) attack rewrites the structure of a Web page or executes arbitrary JavaScript within the victim's Web browser. It occurs when a Web site takes some piece of information from the user, such as an e-mail address, a user ID, a comment on a blog post, or a zip code, and displays that information in a Web page. All forms of the XSS attack rely on a user-supplied bit of information being rendered in the site's Web page in a way that modifies the Document Object Model (DOM) structure. The Web site acts as a broker that carries the payload from the attacker to the Web browser of anyone who visits it. Any portion of the Uniform Resource Identifier (URI) can be manipulated for XSS: directory names, file names, and parameter name/value pairs may all be interpreted by the Web server in some manner. The URI is dangerous even when it is invalid, points to a nonexistent page, or has no bearing on the Web site's logic. An interesting XSS delivery variant uses the DOM to modify itself in an unexpected manner: the attacker assigns the payload to some property of the DOM that is read and echoed by a script within the same Web page.
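As an added illustration (not code from the original text), the following Node.js snippet takes the two URI-carried inputs described above, a query parameter a server would echo and a fragment a page script would read, and contrasts a render that lets that data reshape the page's markup with one that encodes it as character data. The function names, the sample URI and the simplified tag counter are constructed for this example.

```javascript
// Added example: user-controlled URI data becoming a page-structure change,
// and the output encoding that prevents it. All names here are illustrative.

// Escape the characters that let a string alter HTML structure or break out
// of an attribute value. This output-encoding step belongs at every HTML sink.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Pull the two user-controlled pieces the text mentions: a query parameter the
// server would echo (reflected case) and the fragment a script in the page might
// read from the DOM and echo (DOM-based case).
function extractUserData(uri) {
  const u = new URL(uri);
  return {
    query: u.searchParams.get("name") || "",
    fragment: decodeURIComponent(u.hash.replace(/^#/, "")),
  };
}

// Vulnerable render: the value is concatenated into markup, so whatever the
// URI carries decides which elements the browser builds.
function renderVulnerable(value) {
  return "<p>Welcome, " + value + "</p>";
}

// Hardened render: same markup, but the value is encoded as character data,
// so it is displayed and never parsed as HTML.
function renderSafe(value) {
  return "<p>Welcome, " + escapeHtml(value) + "</p>";
}

// Rough count of start tags a browser would turn into elements. A simplified
// tokenizer for this demonstration, not a full HTML5 parser.
function countStartTags(html) {
  return (html.match(/<[a-zA-Z][a-zA-Z0-9-]*(\s[^>]*)?>/g) || []).length;
}

// Constructed sample URI: a harmless <b> element in both the query string and
// the fragment is enough to show that user data, not the site, shapes the DOM.
const SAMPLE_URI =
  "https://example.test/profile?name=%3Cb%3Eadmin%3C%2Fb%3E#%3Cb%3Eadmin%3C%2Fb%3E";
const sample = extractUserData(SAMPLE_URI);
console.log(countStartTags(renderVulnerable(sample.query))); // 2: user data added an element
console.log(countStartTags(renderSafe(sample.query)));       // 1: only the site's own <p>
console.log(renderSafe(sample.fragment)); // <p>Welcome, &lt;b&gt;admin&lt;/b&gt;</p>
```

The same split applies in the browser: `element.textContent` behaves like `renderSafe`, while `element.innerHTML` fed with fragment or parameter data behaves like `renderVulnerable`.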