Abstract

Cross-site scripting is one of the severe problems in web applications. With more connected devices using different web applications for every task, the risk of XSS attacks is increasing. In web applications, an attacker steals a victim's session details or other important information by exploiting XSS vulnerabilities. We studied 412 research papers on cross-site scripting published between 2002 and 2019. Most of the existing XSS prevention methods are dynamic analysis, static analysis, proxy-based methods, filter-based methods, etc. We categorized the existing methods, discussed the solutions presented in those papers, and discussed the impact of XSS attacks, different defensive methods, and research trends in XSS attacks.

Highlights

  • Cross-site scripting attacks have been happening since the 1990s

  • In reflected cross-site scripting attacks, malicious scripts are inserted into the HTTP query parameters of a vulnerable page, and the server reflects these malicious scripts into the user's browser without sanitizing them

  • In stored cross-site scripting, malicious scripts are stored on the server side, and these scripts execute in the browser of every user who accesses that vulnerable page (see Fig. 2)


Summary

INTRODUCTION

Cross-site scripting attacks have been happening since the 1990s. Almost all popular social networking sites, such as Facebook, Twitter, and YouTube, have been affected by XSS attacks. According to Netsparker web security statistics, cross-site scripting is still a common vulnerability in web applications. In an XSS attack, the attacker injects malicious JavaScript code into a vulnerable web application; whenever a regular user's browser executes that malicious code, unauthorized actions are performed, such as sending sensitive data to the attacker or redirecting the user to a malicious site. The rest of the paper is organized as follows: Section 2 shows the different types of XSS attacks.
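The following JavaScript is an added example, not code from the surveyed paper, illustrating the reflected XSS mechanism described above beside the "sanitizing or escaping user input data" defence the paper's outline lists: a page renderer that reflects a query parameter verbatim, the same renderer with HTML escaping, and a reviewer's check that flags when untrusted input alters the tag structure of the output. All function names and the sample input are assumptions constructed for this example.

```javascript
// Added example (not from the paper): reflected-XSS-prone renderer,
// its escaped counterpart, and a check for reflected markup.

// Escape the five characters that matter in an HTML text/attribute context.
// Ampersand goes first so already-escaped output is not double-escaped badly.
function escapeHtml(input) {
  return String(input)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Vulnerable: the query parameter is reflected verbatim into the page body,
// so any markup in it is parsed as markup by the user's browser.
function renderSearchUnsafe(query) {
  return `<h1>Results for: ${query}</h1>`;
}

// Hardened: the same page with the parameter escaped for the HTML context.
function renderSearchSafe(query) {
  return `<h1>Results for: ${escapeHtml(query)}</h1>`;
}

// Defender's check: compare the number of tags in the template (rendered
// with an empty parameter) against the number of tags when the untrusted
// input is supplied. Any difference means the input was reflected as markup.
function reflectsMarkup(renderer, untrustedInput) {
  const tagPattern = /<[a-zA-Z\/][^>]*>/g;
  const baseline = (renderer("").match(tagPattern) || []).length;
  const observed = (renderer(untrustedInput).match(tagPattern) || []).length;
  return observed !== baseline;
}

// Constructed sample input: a harmless tag is enough to show the difference.
const sampleInput = "<i>hello</i>";

function demo() {
  return {
    unsafeReflects: reflectsMarkup(renderSearchUnsafe, sampleInput), // true
    safeReflects: reflectsMarkup(renderSearchSafe, sampleInput),     // false
  };
}
```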

Reflected Cross-Site Scripting
Perform unauthorized user Actions
RESEARCH PROCEDURE
Server-Side Solutions
RESULTS AND DISCUSSION
Client-Side Solutions
Validating user Input Data
Sanitizing or Escaping user Input Data
VIII. CONCLUSION