Cross site scripting

Cross site scripting is an attack by which a hacker injects a malicious script into a genuine website taking advantage of a flaw in the validity controls of the site. On visiting the infected page or by clicking a link the script will be downloaded unknown to the user along with the data, and will be run on the user's computer.

This script may do various things such as displaying a popup insulting the user about their origins, diverting them to a phishing site, stealing their identity to enable the hacker to consult the victim's bank account or order something on the internet while impersonating them.

Cross site scripting (XSS) mainly affects sites that accept data from users without properly verifying their conformity. Firewalls, SSL encryption and anti-virus software are powerless when faced with this sort of attack.