XSS stands for Cross-Site Scripting. The web works using HTML, which uses angle brackets that act as instructions to the web browser; for example, by putting text inside a `<b>` tag you are instructing the browser to display that text in bold. If you want to write an angle bracket as text and not as an instruction, you do something called escaping: you put specific codes in the text, and the browser renders those codes as a different character, for example the browser renders `&lt;` as `<` and `&gt;` as `>`. Web apps usually take input from the user, store it in their database, and then render the data when required. So when a hacker sends HTML as data to the database via the web app, the HTML is stored in the db, and when the same data is rendered as HTML it affects the page and gets inserted as HTML into that web page. This is what is called cross-site scripting. This was harmful to the users of the web app: suppose you set `</html>` as your bio; when a user visits your profile and sees your bio, the html tag would end for them, thus not rendering the remaining web page. This was a deadly attack for websites.
HTML tags are not the only way to exploit a website using XSS. There are other vulnerabilities as well. Anything that acts on user input can be used to exploit the website, e.g. functions. Attributes like `onerror` could also be used to exploit a website using XSS.
- Websites must use XSS filtering on their websites, so that HTML tags are filtered out.
- Websites must escape the HTML angle brackets while storing user input in the database.
- Websites must test their user interface, so that they leave no XSS vulnerability.
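As an added example (not code from the original post), here is a minimal profile-bio renderer in JavaScript: the stored `</html>` bio and an `onerror` attribute both land in the page as live HTML when inserted raw, and both become plain text once the escaping the list above recommends is applied at render time. `escapeHtml`, `renderBioUnsafe`, `renderBioSafe`, `containsRawTag` and the sample bios are this example's own constructions.

```javascript
// Added example: escaping user-supplied text before it is inserted into HTML.
// The sample bios below are constructed inputs, not data from any real site.

// Replace the five characters that can change HTML structure or attribute
// boundaries with their entity codes (&lt; renders as <, &gt; as >, and so on).
function escapeHtml(text) {
  const entities = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#39;',
  };
  return String(text).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Vulnerable: the stored bio is dropped into the page as HTML, exactly the
// situation the post describes. A "</html>" bio closes the page here.
function renderBioUnsafe(bio) {
  return `<div class="bio">${bio}</div>`;
}

// Fixed: escape at output time, in the HTML text context, so the bio is shown
// as text. The database can keep the original string unchanged.
function renderBioSafe(bio) {
  return `<div class="bio">${escapeHtml(bio)}</div>`;
}

// Cheap check for a test suite: does the rendered output still contain the
// given tag as real markup (an opening or closing tag, not entity-encoded text)?
function containsRawTag(html, tagName) {
  return new RegExp(`<\\/?${tagName}[\\s>/]`, 'i').test(html);
}

// Constructed sample bios: the page-ending tag from the post and an attribute
// handler of the kind the post mentions.
const sampleBios = {
  closingTag: '</html>',
  attributeHandler: '<img src=x onerror="alert(1)">',
};

for (const [name, bio] of Object.entries(sampleBios)) {
  console.log(`${name} (unsafe): ${renderBioUnsafe(bio)}`);
  console.log(`${name} (safe):   ${renderBioSafe(bio)}`);
}
```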
XSS vulnerabilities can be endless, which is why websites organize bug bounty programs to find them.
You can use the following websites to find out how XSS exploits work: