A cross-site scripting (XSS) attack is
“[a]n attack that uses third-party web resources to run script within the victim's web browser or scriptable application. This occurs when a browser visits a malicious website or clicks a malicious link. The most dangerous consequences occur when this method is used to exploit additional vulnerabilities that may permit an attacker to steal cookies (data exchanged between a web server and a browser), log key strokes, capture screen shots, discover and collect network information, and remotely access and control the victim's machine.”

“a type of computer security vulnerability that uses malicious script imbedded in an otherwise benign and trusted web applications to gather user data. When the script is executed (e.g., when a user clicks on a compromised link in an email message or reads an infected forum post), sensitive user data can be accessed by the attacker.”
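The forum-post case in the second definition comes down to whether the application encodes user-supplied text before placing it in a page. The following is an added example, not taken from either quoted source: it renders one constructed post with and without HTML output encoding. The names `escapeHtml`, `renderPostUnsafe`, `renderPostSafe` and `containsScriptTag` are hypothetical.

```javascript
// Added illustration; all function names here are hypothetical.

// Characters that can change the HTML parsing context, with their entity forms.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode text so the browser treats it as data, not markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable: user-supplied fields are concatenated into the page as markup,
// so any script in the post becomes part of the trusted page.
function renderPostUnsafe(post) {
  return `<article><h2>${post.author}</h2><p>${post.body}</p></article>`;
}

// Hardened: every user-controlled field is encoded for HTML element content.
function renderPostSafe(post) {
  return `<article><h2>${escapeHtml(post.author)}</h2><p>${escapeHtml(post.body)}</p></article>`;
}

// Simple check for this demo only: does the rendered HTML contain a script element?
function containsScriptTag(html) {
  return /<script[\s>]/i.test(html);
}

// Constructed sample post (not real data).
const samplePost = {
  author: "guest",
  body: 'Nice thread! <script>alert("xss")</script>',
};

console.log("unsafe:", renderPostUnsafe(samplePost));
console.log("safe:  ", renderPostSafe(samplePost));
```

This encoding is correct only for text placed in HTML element content; values placed in attributes, URLs or inline script need encoding specific to that context.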
- Critical Infrastructure Protection: Cybersecurity Guidance Is Available, but More Can Be Done to Promote Its Use, at 4.
- Privacy Technical Assistance Center, Cross-site scripting (full-text).