ICSS Saved Harvard University from Hackers.
ICSS team member Pritam Mukherjee found a vulnerability on the website of Harvard University, and it has now been resolved on their end. It is a proud moment for ICSS.
What is cross-site scripting (XSS)
Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same-origin policy, which is designed to segregate different websites from each other. Cross-site scripting vulnerabilities normally allow an attacker to masquerade as a victim user, to carry out any actions that the user is able to perform and to access any of the user’s data. If the victim user has privileged access within the application, then the attacker might be able to gain full control over all of the application’s functionality and data.
Cross-Site Scripting (XSS) attacks occur when:
- Data enters a Web application through an untrusted source, most frequently a web request.
- The data is included in dynamic content that is sent to a web user without being validated for malicious content.
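The two conditions above, shown as an added example that is not code from the original page or from any site it mentions: a hypothetical search page echoes a request parameter into HTML, first unchanged and then with output encoding applied. All function names and the sample inputs are constructed for illustration.

```javascript
// Added example. renderSearchUnsafe, renderSearchSafe, escapeHtml and
// countOpeningTags are hypothetical names; the inputs are constructed.

// The five characters that carry meaning in HTML text and quoted attributes.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: untrusted request data is placed in the response unchanged,
// both as element text and inside a quoted attribute value.
function renderSearchUnsafe(query) {
  return `<p>Results for: ${query}</p><input name="q" value="${query}">`;
}

// Hardened: same template, but every untrusted value is encoded on output.
function renderSearchSafe(query) {
  const q = escapeHtml(query);
  return `<p>Results for: ${q}</p><input name="q" value="${q}">`;
}

// The template itself has two opening tags (<p> and <input>). Any more than
// that means the input was interpreted as markup instead of as data.
function countOpeningTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// Constructed inputs: one carries a tag, one tries to close the attribute.
const tagInput = "<script>alert(1)</script>";
const attrInput = 'x" data-injected="1';

console.log("unsafe tags:", countOpeningTags(renderSearchUnsafe(tagInput))); // 4
console.log("safe tags:  ", countOpeningTags(renderSearchSafe(tagInput)));   // 2
console.log("unsafe attr:", renderSearchUnsafe(attrInput));
console.log("safe attr:  ", renderSearchSafe(attrInput));
```

HTML encoding covers the element-text and quoted-attribute contexts used here; values placed in JavaScript, URL or CSS contexts need the encoding for that context instead.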
How to find and test for XSS vulnerabilities
The vast majority of XSS vulnerabilities can be found quickly and reliably using any web vulnerability scanner.
How to Protect Yourself
The primary defenses against XSS are described in the OWASP XSS Prevention Cheat Sheet.
How to Determine If You Are Vulnerable