Discover the definition of the term XSS (Cross-Site Scripting) presented by Les Assises de la Cybersécurité.

XSS (CROSS-SITE SCRIPTING)

A cross-site scripting attack begins when an attacker is able to have content of their choice displayed on a third-party website (for example, via comments or private messages that will be read in a browser). If the website that receives and displays this content does not filter it sufficiently, the attacker can include tags and code (often JavaScript, but it can be any language supported by browsers) that will then be interpreted by the browsers of all users who view it. This can lead to session theft (allowing the attacker to hijack visitors’ social media accounts, even if the victim site has nothing to do with them) or to victims being redirected to fake sites (phishing, see “Phishing”).
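The insufficient filtering described above, shown beside output encoding on a comment list. This is an added example, not part of the original glossary entry; the function names and the sample comments are constructed for illustration.

```javascript
// Added example: all names and sample data below are constructed.

// Characters that let text break out of an HTML text or quoted-attribute context.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Insufficient filtering: user content is concatenated into the page as-is,
// so any tag it contains becomes part of the document.
function renderCommentUnsafe(comment) {
  return `<li><b>${comment.author}</b>: ${comment.body}</li>`;
}

// Output encoding: every user-controlled field is escaped for the HTML context,
// so the browser displays the text instead of interpreting it.
function renderCommentSafe(comment) {
  return `<li><b>${escapeHtml(comment.author)}</b>: ${escapeHtml(comment.body)}</li>`;
}

// Tag names found in rendered output other than the template's own <li> and <b>.
function unexpectedTags(html) {
  const tags = html.match(/<\/?[a-zA-Z][a-zA-Z0-9]*/g) || [];
  return tags
    .map((t) => t.replace(/^<\/?/, "").toLowerCase())
    .filter((name) => name !== "li" && name !== "b");
}

// Authors whose comment introduced markup when passed through a given renderer.
function authorsInjectingMarkup(comments, render) {
  return comments
    .filter((c) => unexpectedTags(render(c)).length > 0)
    .map((c) => c.author);
}

// Constructed sample comments: one ordinary, two carrying markup.
const comments = [
  { author: "alice", body: "Nice article, thanks & well done! 1 < 2" },
  { author: "mallory", body: "<script>alert(1)</script>" },
  { author: "eve", body: 'hello"><img src=x>' },
];

console.log("unsafe:", authorsInjectingMarkup(comments, renderCommentUnsafe));
console.log("safe:  ", authorsInjectingMarkup(comments, renderCommentSafe));
```

Escaping at output time covers the HTML text and quoted-attribute contexts only; content placed inside a script block, a URL or a style needs the encoding for that context.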

Marc Slemko, one of the inventors of this type of attack, who was told that the name did not really describe its behavior, replied: “we had more important things to do at the time.” Since then, many CISOs have also tried to use it to exonerate themselves when their site was the victim of XSS. They are no longer here to testify to it.