Abstract
Cross channel scripting (XCS) is a common web application vulnerability, which is a variant of a cross-site scripting (XSS) attack. An XCS attack vector can be injected through network protocol and smart devices that have web interfaces such as routers, photo frames, and cameras. In this attack scenario, the network devices allow the web administrator to carry out various functions related to accessing the web content from the server. After the injection of malicious code into web interfaces, XCS attack vectors can be exploited in the client browser. In addition, scripted content can be injected into the networked devices through various protocols, such as network file system, file transfer protocol (FTP), and simple mail transfer protocol. In this paper, various computational techniques deployed at the client and server sides for XCS detection and mitigation are analyzed. Various web application scanners have been discussed along with specific features. Various computational tools and approaches with their respective characteristics are also discussed. Finally, shortcomings and future directions related to the existing computational techniques for XCS are presented.
Highlights
Academic Editors: Piyush KumarWeb applications are widely accepted as one of the best platforms for delivering information over the Internet
Most of the vendors have designed firmware components known as lights-out management (LOM) modules, which can be externally acquired by an admin
Many cross channel scripting attack vectors were found in BitTorrent clients [7], but an interesting fact is that an XCS attack vector results from a peer-to-to-peer (P2P) channel
Summary
Web applications (apps) are widely accepted as one of the best platforms for delivering information over the Internet. These apps provide access to a variety of online services, such as social networking sites, e-mails, Internet banking, and e-commerce applications, that employ several technologies and web components [1,2]. Cross-site scripting (XSS) is a type of cyber threat in which a browser application’s loopholes are exploited in order to inject a malicious script. This means that stealing cookies, phishing, or hacking an organization’s entire network might compromise users’ data [3].
Sign-in/Register to view highlights & summary 
Published Version (
Free)
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call