Friday, March 24, 2017

Cross-site scripting: A significant web security risk


At the start of the year, around 1,600 WordPress plugin vulnerabilities were analyzed over the course of 14 months. The analysis found that 46.97 percent of these were prone to cross-site scripting (XSS) attacks.

According to a study by Symantec in the second half of 2007, there were 11,253 site-specific cross-site scripting vulnerabilities documented, a figure considerably higher than the 2,134 traditional vulnerabilities recorded during the same period.

XSS is a security vulnerability that enables hackers to inject malicious client-side scripts into trusted websites. An unsuspecting user who accesses the web-based application then unwittingly executes the script, allowing the attacker to view and manipulate sensitive page content, session contents, authorization cookies, and other information retained by the browser on behalf of the user.


The hacker will then be able to use the victim’s credentials to access the website. If the website contains sensitive information, such as credit card data, the hacker can steal it. He can also gain administrator privileges on the website if he successfully injects code that the web host or owner clicks on.

These are just some of the consequences of XSS attacks; the effects of this vulnerability range from trivial nuisances to significant web security risks.
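To make the injection described above concrete from the defender's side, here is an added example (not from the original post) of a comment template that echoes user input as-is, next to a version that HTML-encodes it, plus a session cookie marked HttpOnly so page scripts cannot read it. The function names, the cookie name and the sample comment are all assumptions made up for illustration.

```javascript
// Added example; every name below is hypothetical, not from any real site.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;',
};

// Encode the characters that let text break out of an HTML text or
// quoted-attribute context. Not sufficient for JS, CSS or URL contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: untrusted text is concatenated straight into markup, so any
// tag in the comment becomes part of the trusted page.
function renderCommentUnsafe(author, body) {
  return `<div class="comment"><b>${author}</b>: ${body}</div>`;
}

// Hardened: the same template, with every untrusted value encoded on output.
function renderCommentSafe(author, body) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(body)}</div>`;
}

// Defence in depth for the "authorization cookies" the post mentions:
// HttpOnly keeps the cookie out of reach of document.cookie.
function sessionCookieHeader(sessionId) {
  return `session=${encodeURIComponent(sessionId)}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

// Crude review aid: does the rendered output still contain a live script tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample comment (harmless: it only changes the page title).
const sampleComment = '<script>document.title = "injected"</script>';

console.log(renderCommentUnsafe('guest', sampleComment));
console.log(renderCommentSafe('guest', sampleComment));
console.log(sessionCookieHeader('constructed-session-id'));
```

Output encoding has to match the context the value lands in; the escaping shown here covers HTML text and quoted attribute values only.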

