What can XSS be used for?

✨ Megiddo

Cross-site scripting is often underestimated. While the vulnerability does not directly affect the web server or the database, it may very easily lead to severe consequences such as the following:

  • The attacker may be able to trick a legitimate user into providing their login credentials. If that user has administrative privileges, the attacker will gain administrative access to the web application. The attacker may also steal the user’s session cookies and then use them to log in as the victim to perform session hijacking. Such session token theft may lead to severe consequences, including the attacker obtaining full control over the web application (if the user’s cookie belonged to an administrator) and escalating the attack further.
  • The attacker may introduce malicious JavaScript into your regular pages, attacking every user that visits that page. This may lead to the exposure of sensitive information that users send to your page or retrieve from your databases.
  • The attacker may use a site vulnerable to reflected XSS attacks as a tool to conduct a phishing campaign. Millions of emails may include a link leading to your web application – and whenever a victim visits that link, the victim’s browser will execute malicious content supplied by the attacker. This may have a huge impact on the reputation of your business.
  • The attacker may also use cross-site scripting to download malware to the user’s computer, for example, a cryptocurrency mining script, DDoS botnet script, or even a trojan or ransomware installer. If this happens to a user with administrative privileges to company assets, it could even allow the attacker to gain full access to internal systems.

While most other web attacks target the server side, cross-site scripting is different in that XSS attacks use your website or web application as a tool to directly attack the users – either your business users or complete strangers. Because it’s the users who first suffer the consequences, the business impact of XSS on the application owner is often indirect and therefore underappreciated.
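
The session-cookie theft described in the first bullet depends on the cookie being readable by script, so a quick defensive check is to audit an application's `Set-Cookie` headers. The following is an added example, not part of the original post; the function names and sample headers are constructed for illustration. `HttpOnly` only keeps the cookie out of `document.cookie`; it does not fix the XSS flaw itself.

```javascript
// Added example: flag Set-Cookie headers that leave a cookie exposed.
// Function names and sample headers are constructed for illustration.

function parseSetCookie(line) {
  const [pair, ...attrs] = line.split(';').map((p) => p.trim()).filter(Boolean);
  const eq = pair.indexOf('=');
  const name = eq === -1 ? pair : pair.slice(0, eq);
  const attributes = new Map();
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    // Attribute names are case-insensitive; flags such as HttpOnly have no value.
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const value = i === -1 ? '' : attr.slice(i + 1).trim().toLowerCase();
    attributes.set(key, value);
  }
  return { name, attributes };
}

function auditSetCookie(line) {
  const { name, attributes } = parseSetCookie(line);
  const findings = [];
  if (!attributes.has('httponly')) {
    findings.push('missing HttpOnly: readable by page script via document.cookie');
  }
  if (!attributes.has('secure')) {
    findings.push('missing Secure: may be sent over plain HTTP');
  }
  const sameSite = attributes.get('samesite');
  if (sameSite === undefined) {
    findings.push('missing SameSite: browser default applies');
  } else if (sameSite === 'none') {
    findings.push('SameSite=None: sent on cross-site requests');
  }
  return { name, findings };
}

// Returns only the cookies that have at least one finding.
function auditResponse(setCookieLines) {
  return setCookieLines.map(auditSetCookie).filter((r) => r.findings.length > 0);
}

// Constructed sample headers.
const sampleHeaders = [
  'session=constructed-token-1; Path=/',
  'session_admin=constructed-token-2; Path=/admin; Secure; HttpOnly; SameSite=Strict',
  'prefs=dark; Path=/; Secure; SameSite=None',
];
for (const r of auditResponse(sampleHeaders)) console.log(r.name, r.findings);
```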