Cross Site Scripting in path Security Vulnerability

Description
Cross site scripting in path (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of Javascript) to another user in the URL.  Because a browser cannot know if the script should be trusted or not, it will execute the script injected in the URL in the user context allowing the attacker to access any cookies or session tokens retained by the browser.

Impact
Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them.An attacker can steal the session cookie and take over the account, impersonating the user.  It is also possible to modify the content of the page presented to the user.

References
Acunetix Cross Site Scripting Attack
Security Focus - Penetration Testing for Web Applications (Part Two)
The Cross Site Scripting Faq
OWASP Cross Site Scripting
XSS Annihilation
XSS cheat sheet

Acunetix Web Application Security Blog

Latest Article

Web Server Security and Database Server Security

If your servers and/or web applications are compromised, hackers will have complete access to your backend data even though your firewall is configured correctly and your operating system and applications are patched repeatedly. Read more and learn on web server security

Latest Whitepaper

Why File Upload Forms are a major security threat

This white paper talks about common file upload forms validation types and also how malicious users can easily bypass them.  With the help of Acunetix WVS, a web developer can easily find these vulnerabilities in web applications without the need of advanced web security expertise.  He can also easily solve them thanks to the amount of extensive information Acunetix WVS reports.

Testimonials

“The issues detected were of major impact; if hackers would have found the security holes, they could have hacked an entire Joomla! Site.”

Robin Muilvijk
Quality & Testing Team, Joomla!