====== Cross Site Scripting (XSS) Attack ======

===== Exploited Vulnerability =====

  * [[security:function:response_functions|Security sensitive HTTP response functions]].

===== Additional Information =====

  * See [[security:web application security]] and [[catalog|security attacks catalog]].
  * [[https://www.spidynamics.com/whitepapers/SPIcross-sitescripting.pdf|Cross Site Scripting (PDF)]]
  * [[http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf|Cross Site Tracing (PDF)]]
  * [[http://www.technicalinfo.net/papers/CSS.html|HTML Code Injection and Cross-site scripting]]
  * [[http://shiflett.org/articles/foiling-cross-site-attacks|Foiling Cross Site Attacks]]