Differences
This page shows the differences between two versions.
| modul:m183:learningunits:lu10:lu10b [2026/01/28 16:31] – dgaravaldi | modul:m183:learningunits:lu10:lu10b [2026/01/28 16:35] (current) – dgaravaldi | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== | + | ====== |
| - | < | + | < |
| - | **Cross-site scripting (XSS)* | + | |
| + | **Cross-site scripting (XSS)** is a very common type of web application attack vector in which malicious code is injected into a vulnerable web application. Unlike other attacks that target the application’s server or database directly, XSS targets the **users of the web application** — because the injected code runs in their browsers in the context of the legitimate website. | ||
| A successful XSS attack can cause serious damage — including compromised user accounts, activation of Trojan code, manipulation of page content to trick users into sharing sensitive data, or exposure of session cookies that allow attackers to impersonate valid users. | A successful XSS attack can cause serious damage — including compromised user accounts, activation of Trojan code, manipulation of page content to trick users into sharing sensitive data, or exposure of session cookies that allow attackers to impersonate valid users. | ||
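Review bot: The rewritten opening paragraph (the added line starting "**Cross-site scripting (XSS)**") says malicious code "is injected into a vulnerable web application" but never states what makes the application vulnerable. For a learning unit, add one sentence naming the root cause, that the application places untrusted input into a page without validating or encoding it, so readers can connect the impacts listed in the next paragraph to a fixable defect. The phrase "type of web application attack vector" also reads awkwardly; "type of attack on web applications" is simpler.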
| Line 8: | Line 9: | ||
| ==== Types of XSS Attacks ==== | ==== Types of XSS Attacks ==== | ||
| - | There are **two major types* | + | There are **two major types** of cross-site scripting attacks commonly discussed: |
| * **Stored XSS (Persistent)** – A malicious script is permanently injected into an application and served to all users. | * **Stored XSS (Persistent)** – A malicious script is permanently injected into an application and served to all users. | ||
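Review bot: The corrected sentence still announces "two major types", while XSS is commonly classified into three: stored, reflected and DOM-based. Only the Stored XSS bullet is visible in this hunk, so if the list that follows covers just stored and reflected, either add DOM-based XSS or reword to "two main types covered in this unit". In the unchanged Stored XSS bullet, "served to all users" is broader than what happens: the script reaches the users who load the affected content.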