The Cross Site scripting is one of the problems that have plagued a lot of websites. Cross site scripting or XSS, is a term for a category of security issues in which an attacker injects HTML tags or scripts into a target website.
Cross-site scripting vulnerabilities date back to 1996 during the early days of the World Wide Web. A time when e-commerce began to take off, the bubble days of Netscape, Yahoo and the obnoxious blink tag.
In December 1999, David Ross was working in security response for Internet Explorer at Microsoft. He was inspired by the work of Georgi Guninsky who was at the time finding flaws in Internet Explorers security model.
David demonstrated that web content could expose ‘Script Injection’ effectively by -passing the same security guarantees by passed by Georgi’s Internet Explorer code flaws, but where the fault seemed to exist on the server side instead of the client side Internet Explorer code.
Cross site scripting can be performed by passing scripts in form of:
*TextBox
*Cookies
*Query Strings
*Web application variable
*Session variables
A web page is vulnerable to cross site scripting if it dynamically generates document content and bases that content on user submitted date without first ‘sanitizing’ that data by removing any embedded HTML tags from it.
Cross-site scripting
