XSS, or Cross-Site Scripting (the X stands for "Cross"), is a type of security vulnerability in web pages or web applications that allows an attacker to use a website’s inputs to return malicious code to the website or its other users. XSS attacks can vary widely in their execution.
Popular XSS Examples
One of the most famous and notorious XSS attacks was on the MySpace social networking website. A cross-site scripting vulnerability allowed Samy Kamkar, the creator of the virus, to add code to his MySpace profile page. When any user visited his profile page, this code executed and automatically sent Samy a friend request, and it also replicated itself onto the profile page of the user who viewed it. This allowed the continued distribution of the virus, later resulting in excess of a million friend requests.
While the Samy virus is the fastest spreading and one of the most widely known, there are many other instances of XSS attacks. Although it is common knowledge within the developer community to take preventive steps to avoid XSS vulnerabilities, many are still being found each day.
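The profile-page scenario above comes down to a stored value being written into HTML that other visitors receive. The following is an added example, not code from MySpace or from the original page. It renders the same stored profile text once without encoding and once with output encoding. The names profiles, saveBio, renderProfileUnsafe, renderProfileSafe and hasLiveScriptTag are hypothetical, and the sample input is constructed.

```javascript
// Added example: a stored profile field rendered for other visitors,
// first without output encoding, then with it. All names are hypothetical.

const profiles = new Map(); // stands in for the site's database

function saveBio(user, bio) {
  profiles.set(user, bio); // stored as submitted; encoding happens at output
}

// Vulnerable: the stored value is concatenated into HTML unchanged, so any
// markup in it becomes part of the page served to every visitor.
function renderProfileUnsafe(user) {
  return `<div class="bio">${profiles.get(user) ?? ""}</div>`;
}

// HTML-encode the characters that can open a tag, entity or attribute value.
const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hardened: the same value is encoded for the HTML text context it lands in,
// so the browser displays it as text instead of parsing it as markup.
function renderProfileSafe(user) {
  return `<div class="bio">${escapeHtml(profiles.get(user) ?? "")}</div>`;
}

// Review/test helper: does the rendered page contain a raw <script> tag?
function hasLiveScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input: a harmless marker script and ordinary text.
saveBio("alice", 'Hi <script>console.log("marker")</script> & welcome');
saveBio("bob", "Tom & Jerry's fan");

console.log("unsafe:", renderProfileUnsafe("alice"));
console.log("safe:  ", renderProfileSafe("alice"));
```

The encoding shown is correct only for HTML element content; values placed in attributes, URLs or script blocks need the encoding that matches that context.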