XSS term explained
Site Scriрting cross - site vulnerability in which an attacker could place code on the pages. In SEO XSS is typically used to host SEO links on hacked site that are indexed by search engines and thus increase the popularity of the site acceptor.
XSS occurs when entering custom scripts into server-generated pages. Not to be confused with the term CSS, term was given the name XSS.
For a long period of time programmers did not pay attention to the vulnerability special attention and considered it harmless. But this view is mistaken. On the page or the Cookie may be sensitive data such as session ID of the administrator.
XSS are divided into active and passive:
- Passive implies that the script is not on the server vulnerable web site, or it may not run automatically in the browser of the victim. To passive XSS to work, requires some action that needs to run a browser. This can be a click on a special link.
- When active XSS script is stored directly on the server and is triggered in the browser when opening the website.