Public exploits available
This signature detects commonly used exploitation techniques for cross-site scripting vulnerabilities. In some cases, a detection may not indicate an actual XSS-style attack but rather that a particular web server may be vulnerable to some form(s) of cross-site scripting attacks.
An attacker who successfully exploited this vulnerability could run a malicious script. If this malicious script is run, it would run in the security context of the user on the client.
The script could take any action on the user's computer that the Web site is authorized to take. These actions could include monitoring the user's Web session and forwarding information to a third party,
running other code on the user's system, and reading or writing cookies.
Technical details (analysis)
Cross-site scripting (XSS) is a security vulnerability that could enable an attacker to "inject" code into a user's
session with a Web site. The attack involves Web servers that dynamically generate HTML pages. If these servers embed browser input in the dynamic
pages that they send back to the browser, these servers can be manipulated to include content in the dynamic pages. This will allow malicious
persistent state with the Web sites that they frequent. This attack does not modify Web site content. Instead, it inserts new, malicious script that can
execute at the browser in the security context associated with a trusted server.
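The pattern described above, as an added example that is not part of the original page: a constructed page generator that embeds a request parameter verbatim, beside a version that HTML-encodes it, with a parser-based check of whether the input reached the page as a script element or as inert text. The function names and the sample query are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample input: a query-string value carrying markup
# where the application expects a plain search term.
SAMPLE_QUERY = '<script>document.title="injected"</script>'


def render_unsafe(query: str) -> str:
    """Embed browser input in the dynamic page verbatim (the vulnerable pattern)."""
    return f"<html><body><p>Results for: {query}</p></body></html>"


def render_escaped(query: str) -> str:
    """HTML-encode the input before embedding it, so markup is sent as text."""
    safe = html.escape(query, quote=True)
    return f"<html><body><p>Results for: {safe}</p></body></html>"


class _ScriptCounter(HTMLParser):
    """Counts the <script> elements an HTML parser finds in a page."""

    def __init__(self):
        super().__init__()
        self.scripts = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1


def script_elements(page: str) -> int:
    """Return how many script elements the generated page contains."""
    parser = _ScriptCounter()
    parser.feed(page)
    parser.close()
    return parser.scripts


if __name__ == "__main__":
    for render in (render_unsafe, render_escaped):
        page = render(SAMPLE_QUERY)
        print(f"{render.__name__}: {script_elements(page)} script element(s)")
```

A check like `script_elements` can run in a regression test against every template that echoes request data, so an unencoded field is caught before deployment.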
Release Date: 2010-03-30T00:00:00
Known false positives
In some cases, a detection may not indicate an actual XSS-style attack but rather that a particular web server may be vulnerable to some form(s) of cross-site scripting attacks.