XSS - Where the name is from?
Cross-site scripting (XSS) vulnerabilities occur in the following scenario:
- From a web request not trusted data enters a web application (blog, whatever…)
- The web application dynamically generates a web page that contains this not trusted data.
- Browsers access the the generated web page and execute malicious code.
- Since the script comes from a web page that was sent by the web server, the victim’s web browser executes the malicious script in the context of the web server’s domain.
- This violates the web browser’s same-origin policy, which states that scripts in one domain should not be able to access resources or run code in a different domain and there for the name XSS
…tags: & category: -