{"id":10551,"date":"2011-05-19T00:00:00","date_gmt":"2011-05-19T00:00:00","guid":{"rendered":"https:\/\/www.techopedia.com\/definition\/cross-site-scripting\/"},"modified":"2022-04-19T20:03:17","modified_gmt":"2022-04-19T20:03:17","slug":"cross-site-scripting","status":"publish","type":"definition","link":"https:\/\/www.techopedia.com\/definition\/24435\/cross-site-scripting-xss","title":{"rendered":"Cross Site Scripting"},"content":{"rendered":"

What Does Cross Site Scripting Mean?<\/span><\/h2>\n

Cross Site Scripting (XSS) is the process of addition of malicious code to a genuine website to gather user’s information with a malicious intent. XSS attacks are possible through security vulnerabilities found in Web applications and are commonly exploited by injecting a client-side script. Although JavaScript is usually employed, some attackers also use VBScript, ActiveX or Flash.<\/p>\n

Techopedia Explains Cross Site Scripting<\/span><\/h2>\n

When an XSS vulnerability is successfully exploited, the server application can be seriously exposed to major risks. For instance, users can be duped into executing malicious scripts when viewing dynamically generated pages. Another possibility involves an attacker taking over a user session before its corresponding session cookie expires. In yet another case, innocent users can be connected to a malicious server. <\/p>\n

In practically all scenarios, a victim’s system is attacked by using the victim’s privileges themselves. The attacks can then evolve into account hijacking, cookie theft, false advertising and modifications in the user settings of the victim’s account.<\/p>\n

One way of mitigating the risks of XSS exploits is by turning off active scripting in browsers. Unfortunately, this also takes away a browser’s capability to execute dynamic websites and isn't a realistic solution for most users.<\/p>\n","protected":false},"excerpt":{"rendered":"

What Does Cross Site Scripting Mean? Cross Site Scripting (XSS) is the process of addition of malicious code to a genuine website to gather user’s information with a malicious intent. XSS attacks are possible through security vulnerabilities found in Web applications and are commonly exploited by injecting a client-side script. Although JavaScript is usually employed, […]<\/p>\n","protected":false},"author":7813,"featured_media":0,"comment_status":"open","ping_status":"closed","template":"","format":"standard","meta":{"_acf_changed":false,"_lmt_disableupdate":"","_lmt_disable":"","om_disable_all_campaigns":false,"footnotes":""},"definitioncat":[218,216],"class_list":["post-10551","definition","type-definition","status-publish","format-standard","hentry","definitioncat-cybersecurity","definitioncat-software-development"],"acf":[],"yoast_head":"\nWhat is Cross Site Scripting (XSS)? - Definition from Techopedia<\/title>\n<meta name=\"description\" content=\"This definition explains the meaning of Cross Site Scripting and why it matters.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.techopedia.com\/definition\/24435\/cross-site-scripting-xss\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cross Site Scripting\" \/>\n<meta property=\"og:description\" content=\"This definition explains the meaning of Cross Site Scripting and why it matters.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.techopedia.com\/definition\/24435\/cross-site-scripting-xss\" \/>\n<meta property=\"og:site_name\" content=\"Techopedia\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/techopedia\/\" \/>\n<meta property=\"article:modified_time\" content=\"2022-04-19T20:03:17+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@techopedia\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.techopedia.com\/definition\/24435\/cross-site-scripting-xss#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.techopedia.com\/definition\/24435\/cross-site-scripting-xss\"},\"author\":{\"name\":\"Margaret Rouse\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/person\/f5dd538e31ee352d105b8af36c4268a5\"},\"headline\":\"Cross Site Scripting\",\"datePublished\":\"2011-05-19T00:00:00+00:00\",\"dateModified\":\"2022-04-19T20:03:17+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.techopedia.com\/definition\/24435\/cross-site-scripting-xss\"},\"wordCount\":217,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.techopedia.com\/#organization\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.techopedia.com\/definition\/24435\/cross-site-scripting-xss#respond\"]}],\"articleSection\":\"\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.techopedia.com\/definition\/24435\/cross-site-scripting-xss\",\"url\":\"https:\/\/www.techopedia.com\/definition\/24435\/cross-site-scripting-xss\",\"name\":\"What is Cross Site Scripting (XSS)? - Definition from Techopedia\",\"isPartOf\":{\"@id\":\"https:\/\/www.techopedia.com\/#website\"},\"datePublished\":\"2011-05-19T00:00:00+00:00\",\"dateModified\":\"2022-04-19T20:03:17+00:00\",\"description\":\"This definition explains the meaning of Cross Site Scripting and why it matters.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.techopedia.com\/definition\/24435\/cross-site-scripting-xss#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.techopedia.com\/definition\/24435\/cross-site-scripting-xss\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.techopedia.com\/definition\/24435\/cross-site-scripting-xss#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.techopedia.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity\",\"item\":\"https:\/\/www.techopedia.com\/topic\/4\/cybersecurity\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Term\",\"item\":\"https:\/\/www.techopedia.com\/definition\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Cross Site Scripting\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.techopedia.com\/#website\",\"url\":\"https:\/\/www.techopedia.com\/\",\"name\":\"Techopedia\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.techopedia.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.techopedia.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.techopedia.com\/#organization\",\"name\":\"Techopedia\",\"url\":\"https:\/\/www.techopedia.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/08\/techopedia-light.svg\",\"contentUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/08\/techopedia-light.svg\",\"width\":209,\"height\":37,\"caption\":\"Techopedia\"},\"image\":{\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/techopedia\/\",\"https:\/\/x.com\/techopedia\",\"https:\/\/www.linkedin.com\/company\/techopedia\/\",\"https:\/\/www.youtube.com\/c\/Techopedia\"],\"publishingPrinciples\":\"https:\/\/www.techopedia.com\/about\/editorial-policy\",\"ownershipFundingInfo\":\"https:\/\/www.techopedia.com\/about\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/person\/f5dd538e31ee352d105b8af36c4268a5\",\"name\":\"Margaret Rouse\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.techopedia.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/margaret-rouse-headshot.jpeg\",\"contentUrl\":\"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/margaret-rouse-headshot.jpeg\",\"caption\":\"Margaret Rouse\"},\"description\":\"Margaret is an award-winning writer and educator known for her ability to explain complex technical topics to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles in the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret\u2019s idea of \u200b\u200ba fun day is to help IT and business professionals to learn to speak each other\u2019s highly specialized languages.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/margaretrouse\/\",\"https:\/\/x.com\/https:\/\/twitter.com\/@techdefinitions\"],\"knowsAbout\":[\"Technology expert\"],\"url\":\"https:\/\/www.techopedia.com\/contributors\/margaret-rouse\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"What is Cross Site Scripting (XSS)? - Definition from Techopedia","description":"This definition explains the meaning of Cross Site Scripting and why it matters.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.techopedia.com\/definition\/24435\/cross-site-scripting-xss","og_locale":"en_US","og_type":"article","og_title":"Cross Site Scripting","og_description":"This definition explains the meaning of Cross Site Scripting and why it matters.","og_url":"https:\/\/www.techopedia.com\/definition\/24435\/cross-site-scripting-xss","og_site_name":"Techopedia","article_publisher":"https:\/\/www.facebook.com\/techopedia\/","article_modified_time":"2022-04-19T20:03:17+00:00","twitter_card":"summary_large_image","twitter_site":"@techopedia","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.techopedia.com\/definition\/24435\/cross-site-scripting-xss#article","isPartOf":{"@id":"https:\/\/www.techopedia.com\/definition\/24435\/cross-site-scripting-xss"},"author":{"name":"Margaret Rouse","@id":"https:\/\/www.techopedia.com\/#\/schema\/person\/f5dd538e31ee352d105b8af36c4268a5"},"headline":"Cross Site Scripting","datePublished":"2011-05-19T00:00:00+00:00","dateModified":"2022-04-19T20:03:17+00:00","mainEntityOfPage":{"@id":"https:\/\/www.techopedia.com\/definition\/24435\/cross-site-scripting-xss"},"wordCount":217,"commentCount":0,"publisher":{"@id":"https:\/\/www.techopedia.com\/#organization"},"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.techopedia.com\/definition\/24435\/cross-site-scripting-xss#respond"]}],"articleSection":""},{"@type":"WebPage","@id":"https:\/\/www.techopedia.com\/definition\/24435\/cross-site-scripting-xss","url":"https:\/\/www.techopedia.com\/definition\/24435\/cross-site-scripting-xss","name":"What is Cross Site Scripting (XSS)? - Definition from Techopedia","isPartOf":{"@id":"https:\/\/www.techopedia.com\/#website"},"datePublished":"2011-05-19T00:00:00+00:00","dateModified":"2022-04-19T20:03:17+00:00","description":"This definition explains the meaning of Cross Site Scripting and why it matters.","breadcrumb":{"@id":"https:\/\/www.techopedia.com\/definition\/24435\/cross-site-scripting-xss#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.techopedia.com\/definition\/24435\/cross-site-scripting-xss"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.techopedia.com\/definition\/24435\/cross-site-scripting-xss#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.techopedia.com\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity","item":"https:\/\/www.techopedia.com\/topic\/4\/cybersecurity"},{"@type":"ListItem","position":3,"name":"Term","item":"https:\/\/www.techopedia.com\/definition"},{"@type":"ListItem","position":4,"name":"Cross Site Scripting"}]},{"@type":"WebSite","@id":"https:\/\/www.techopedia.com\/#website","url":"https:\/\/www.techopedia.com\/","name":"Techopedia","description":"","publisher":{"@id":"https:\/\/www.techopedia.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.techopedia.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.techopedia.com\/#organization","name":"Techopedia","url":"https:\/\/www.techopedia.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/08\/techopedia-light.svg","contentUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/08\/techopedia-light.svg","width":209,"height":37,"caption":"Techopedia"},"image":{"@id":"https:\/\/www.techopedia.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/techopedia\/","https:\/\/x.com\/techopedia","https:\/\/www.linkedin.com\/company\/techopedia\/","https:\/\/www.youtube.com\/c\/Techopedia"],"publishingPrinciples":"https:\/\/www.techopedia.com\/about\/editorial-policy","ownershipFundingInfo":"https:\/\/www.techopedia.com\/about"},{"@type":"Person","@id":"https:\/\/www.techopedia.com\/#\/schema\/person\/f5dd538e31ee352d105b8af36c4268a5","name":"Margaret Rouse","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.techopedia.com\/#\/schema\/person\/image\/","url":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/margaret-rouse-headshot.jpeg","contentUrl":"https:\/\/www.techopedia.com\/wp-content\/uploads\/2023\/02\/margaret-rouse-headshot.jpeg","caption":"Margaret Rouse"},"description":"Margaret is an award-winning writer and educator known for her ability to explain complex technical topics to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles in the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret\u2019s idea of \u200b\u200ba fun day is to help IT and business professionals to learn to speak each other\u2019s highly specialized languages.","sameAs":["https:\/\/www.linkedin.com\/in\/margaretrouse\/","https:\/\/x.com\/https:\/\/twitter.com\/@techdefinitions"],"knowsAbout":["Technology expert"],"url":"https:\/\/www.techopedia.com\/contributors\/margaret-rouse"}]}},"_links":{"self":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/definition\/10551"}],"collection":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/definition"}],"about":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/types\/definition"}],"author":[{"embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/users\/7813"}],"replies":[{"embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/comments?post=10551"}],"version-history":[{"count":0,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/definition\/10551\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/media?parent=10551"}],"wp:term":[{"taxonomy":"definitioncat","embeddable":true,"href":"https:\/\/www.techopedia.com\/wp-json\/wp\/v2\/definitioncat?post=10551"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}