For those of you who don’t know the acronym, XSS stands for Cross-Site Scripting. It is the term given to web pages that can be tricked into displaying user-supplied data capable of altering the page for the viewer. This is a pretty broad definition, and I apologize, but as you will see, XSS has such a wide range of attack vectors that such a description is necessary.
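To make the definition concrete, here is an added example (not code from the original article) that checks whether visitor-supplied data can alter a page's element structure. The template, the function names and the sample input are all hypothetical and constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Hypothetical page template: a search page that echoes the visitor's query.
TEMPLATE = "<html><body><h1>Search</h1><p>You searched for: {q}</p></body></html>"


def render_unsafe(query):
    """Echo the query into the page verbatim (the XSS-prone pattern)."""
    return TEMPLATE.format(q=query)


def render_escaped(query):
    """Echo the query after HTML-encoding it for an element-content context."""
    return TEMPLATE.format(q=html.escape(query, quote=True))


class _TagCollector(HTMLParser):
    """Records every start tag the parser sees, in document order."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def page_structure(markup):
    """Return the list of element names a parser finds in the markup."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


def alters_page(render, query):
    """True if the visitor's data changed the element structure of the page."""
    baseline = page_structure(render("plain text"))
    return page_structure(render(query)) != baseline


if __name__ == "__main__":
    sample = "<script>alert(1)</script>"  # constructed input: the familiar alert box
    print("unsafe :", alters_page(render_unsafe, sample))
    print("escaped:", alters_page(render_escaped, sample))
```

`html.escape` is only sufficient where the data lands in element content or a quoted attribute value; data placed inside a script block, a URL or a style needs encoding specific to that context.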
We have all seen the numerous Bugtraq postings, "XSS FOUND IN MANY MAJOR WEB SITES," and we have seen the examples that prove it does indeed exist, but many of these still leave readers thinking, "OK, so they can throw up an alert box; how dangerous can that be?"