attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to...
31 KB (3,614 words) - 06:10, 28 July 2025
and JavaScript fetch or XMLHttpRequests, for example, can all work without the user's interaction or even knowledge. Unlike cross-site scripting (XSS),...
30 KB (3,709 words) - 04:25, 25 July 2025
HTTP cookie (redirect from Same-site cookie)
credentials) to the website to which the cookie belongs (see cross-site scripting and cross-site request forgery for examples). Tracking cookies, and especially...
93 KB (10,944 words) - 02:30, 24 June 2025
error handling than JSONP. While JSONP can cause cross-site scripting (XSS) issues when the external site is compromised, CORS allows websites to manually...
14 KB (1,504 words) - 22:38, 5 August 2025
Code injection (redirect from Script injection)
Windows. Attacking web users with Hyper Text Markup Language (HTML) or Cross-Site Scripting (XSS) injection. Code injections that target the Internet of Things...
29 KB (3,107 words) - 02:01, 24 June 2025
Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from...
18 KB (1,779 words) - 12:48, 27 November 2024
Dynamic web page (redirect from Client-side scripting)
client-side scripting must use presentation technology broadly called rich interfaced pages. Client-side scripting languages like JavaScript or ActionScript, used...
15 KB (1,856 words) - 19:40, 28 June 2025
which must only be set by the browser. Cross origin resource sharing Same origin policy Cross-site scripting Cross-site request forgery While there are other...
65 KB (7,518 words) - 03:17, 7 June 2025
trusted code is executed on a Web page. A common JavaScript-related security problem is cross-site scripting (XSS), a violation of the same-origin policy. XSS...
84 KB (7,915 words) - 11:58, 9 August 2025
Cross-site may refer to the following network security exploits: Cross-site cooking Cross-site request forgery Cross-site scripting Cross-site tracing...
194 bytes (55 words) - 04:12, 28 December 2019
Client-side-scripting, server-side scripting, or a combination of these make for the dynamic web experience in a browser.[citation needed] JavaScript is a scripting...
106 KB (10,534 words) - 09:51, 6 August 2025
Self-XSS (self cross-site scripting) is a type of security vulnerability used to gain control of victims' web accounts. In a Self-XSS attack, the victim...
6 KB (552 words) - 07:35, 27 July 2025
via cross-site scripting or other features on the website that might allow for markup injection. <a href="https://attacker.com/malicious_script.js"...
15 KB (1,734 words) - 05:56, 8 April 2024
that are not expected by either the site operator or user, such as cross-site scripting. Moreover, by making sites which do not correctly assign MIME types...
5 KB (618 words) - 05:10, 29 January 2024
Cross-application scripting (CAS) is a vulnerability affecting desktop applications that don't check input in an exhaustive way. CAS allows an attacker...
3 KB (459 words) - 16:29, 20 June 2025
Web Messaging (redirect from Cross-document messaging)
rendered in a web browser. Prior to HTML5, web browsers disallowed cross-site scripting, to protect against security attacks. This practice barred communication...
7 KB (681 words) - 23:29, 18 November 2024
Double encoding (section Cross-site scripting)
and security filters against code injection, directory traversal, cross-site scripting (XSS) and SQL injection. In double encoding, data is encoded twice...
14 KB (1,869 words) - 21:00, 26 June 2025
spammers began to leverage the product, and increased issues arose when cross-site scripting security vulnerabilities were exploited in the product. A significant...
6 KB (363 words) - 16:02, 29 April 2024
Samy (computer worm) (category JavaScript)
known as JS.Spacehero) is a cross-site scripting worm (XSS worm) that was designed to propagate across the social networking site MySpace by Samy Kamkar....
4 KB (367 words) - 03:39, 13 June 2025
Same-origin policy (section Read access to sensitive cross-origin responses via reusable authentication)
subdomains rather than port numbers. Cross-origin resource sharing Cross-site scripting Cross-site request forgery Site isolation Content Security Policy...
19 KB (2,176 words) - 14:38, 13 July 2025
system. Cross-Site Scripting Cross-site scripting is a type of security vulnerability that can be found when a threat actor injects a client-side script into...
17 KB (2,007 words) - 13:02, 21 May 2025
web application's known vulnerabilities, such as SQL injection, cross-site scripting (XSS), file inclusion, and improper system configuration. Most of...
13 KB (1,351 words) - 08:12, 30 July 2025
SVG (section Scripting and animation)
rendered by most web browsers. SVG can include JavaScript, potentially leading to cross-site scripting. SVG has been in development within the World Wide...
61 KB (6,080 words) - 14:56, 4 August 2025
relation to a cross site scripting vulnerability in Hotmail. XSS worms exploit a security vulnerability known as cross site scripting (or XSS for short)...
5 KB (626 words) - 18:05, 21 June 2025
HTML sanitization can be used to protect against attacks such as cross-site scripting (XSS) by sanitizing any HTML code submitted by a user. Basic tags...
4 KB (405 words) - 10:05, 7 December 2023
users to modify under a developer source license. In April 2010, a cross-site scripting vulnerability in Jira led to the compromise of two Apache Software...
10 KB (850 words) - 18:16, 5 August 2025
Phishing (redirect from Phishing site)
kits through the compromise of legitimate web pages, often using cross site scripting. Hackers may insert exploit kits such as MPack into compromised websites...
92 KB (8,520 words) - 09:13, 10 August 2025
to process it at all. This is intended to prevent attacks (e.g. cross site scripting) which may exploit a difference between the client and server in...
24 KB (2,454 words) - 05:06, 16 November 2024
in a number of cross-site scripting (XSS) attacks on websites such as eBay due to its ability to evade cross-site scripting detection filters. LOLCODE...
23 KB (2,524 words) - 13:08, 31 July 2025
containing an advertisement is usually generated by JavaScript that uses cross-site scripting (XSS), sometimes with a secondary payload that uses Adobe...
13 KB (1,633 words) - 05:57, 29 July 2025