Monthly Archives: October 2014

What can happen if my website is vulnerable to XSS (Cross Site Scripting) attack?


Cross-Site Scripting or XSS attacks are a type of injection, in which malicious scripts are injected into a website. As the script comes through a trusted website, the malicious script can access any cookies, session tokens or other sensitive information retained by the browser and used with that site. Unlike the other attacks, XSS targets end user of your website and harms their systems.

Here is a small list of the potential damages that can be caused by XSS attacks:

  • Stealing the session data of the (authenticated) user
  • Manipulating files on the victim’s computer or the network he/she has access to
  • Tracking and recording keystrokes the victim makes in a Web application and sending them to the hacker
  • Stealing files from the attacked user’s computer or the network he has access to
  • Launching other attacks against systems the victim can reach with the browser

As XSS attacks are generally injected through Javascript codes, which is supported by every browser now, these attacks can mostly be categorized as platform independent. Sooner or later it will harm the reliability of your website once the end users know that your website is vulnerable and may compromise the integrity of their data.