A CDE Definition
An exploit that takes advantage of database query software that does not thoroughly test the query statement for correctness. Along with cross-site scripting (see XSS), SQL injection is used by worms to break into websites and extract data or embed malicious code.
(CROSS-Site Scripting) Causing a user's Web browser to execute a malicious script. There are several ways this is done. One approach is to hide code in a "click here" hyperlink attached to a URL that points to a non-existent Web page. When the page is not found, the script is returned with the bogus URL, and the user's browser executes it.
An "XSS hole" is a vulnerability in an application that enables cross-site scripting to be exploited. See parameter tampering and CSRF.
Before/After Your Search Term
Terms By Topic
Click any of the following categories for a list of fundamental terms.